[Snort-users] How to turn off a rule

AllowOverride allowoverride at ...11827...
Thu Oct 11 15:31:33 EDT 2012

ok, my understanding is to turn off a rule in snort.rules by simply
putting a # or commenting it out, in front of the rule.

my question is:

[snort] ssh: Protocol mismatch

turn off this rule. 

what do i look for, there are a shyt load of ssh rules. 
maybe look for leading line stating 22?

or grep 5946, in snort.rules, right?


ps this is a false positive, as i am connecting to its me. 

More information about the Snort-users mailing list