[Snort-users] How to turn off a rule

AllowOverride allowoverride at ...11827...
Thu Oct 11 15:31:33 EDT 2012


ok, my understanding is to turn off a rule in snort.rules by simply
putting a # or commenting it out, in front of the rule.

my question is:

            #22-(2-5946)
[snort] ssh: Protocol mismatch

turn off this rule. 

what do i look for, there are a shyt load of ssh rules. 
maybe look for leading line stating 22?

or grep 5946, in snort.rules, right?

thanks!

ps this is a false positive, as i am 192.168.1.35 connecting to
192.168.1.14.. its me. 





More information about the Snort-users mailing list