[Snort-users] False positives/Oink Code/Oinkmaster vs Pulled Pork?
oly562 at ...11827...
Thu Sep 6 12:35:07 EDT 2012
I installed acidbase and snort-mysql today. It's up and running; however, I
still get this activity.
[snort]COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
Sorry about the formatting, cut/paste.
I was advised to move from 2800 to 2900. So I did, yet I still get this
"message flooding" alert. It's annoying. How do I go about tuning and
turning off this alert?
ALSO, I would like the rules to be updated, and I do have oink code, but
it's listed oddly on snort.org. I don't know which one to use, nor how
to use pulled pork, or oinkmaster, and so forth. What is the best link for
this info, and what are the simple steps I need to take to get rules
updating with oink code:
(removed the last few digits for security purposes)
Which code works for sure? The first or last? I do not remember which is
newest. The first 3 are the same, by the way.
Here is my version of Snort.
,,_ -*> Snort! <*-
o" )~ Version 2.9.2 IPv6 GRE (Build 78)
'''' By Martin Roesch & The Snort Team:
Copyright (C) 1998-2011 Sourcefire, Inc., et al.
Using libpcap version 1.1.1
Using PCRE version: 8.12 2011-01-15
Using ZLIB version: 126.96.36.199
I look forward to your replies. Thanks!
Oly aka pete