[Snort-users] snort suddenly stopped to record events
wkitty42 at ...14940...
Fri Jul 26 14:48:53 EDT 2013
On 7/26/2013 10:18, Alex wrote:
> So, what should be commented out in snort.conf or what rules should be
> activated in order to make snort able to detect and identify such network
check nmap for what those options generate as packets... then you'll have to
find or write rules to detect those packets... they may exist already and be
disabled... i don't know... i had to specifically disable some ICMP rules in my
locations to turn off alerts from them but i think they were from a different
supplier... you might also want to use the community rules if you are not
already... they might have related scan type rules...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-users