[Snort-users] How to turn off a rule
allowoverride at ...11827...
Thu Oct 11 15:31:33 EDT 2012
ok, my understanding is to turn off a rule in snort.rules by simply
putting a # or commenting it out, in front of the rule.
my question is:
[snort] ssh: Protocol mismatch
turn off this rule.
what do i look for, there are a shyt load of ssh rules.
maybe look for leading line stating 22?
or grep 5946, in snort.rules, right?
ps this is a false positive, as i am 192.168.1.35 connecting to
192.168.1.14.. its me.
More information about the Snort-users