[Snort-users] Suppressing the SCAN UPnP service alerts

Joel Esler (jesler) jesler at ...589...
Wed Jun 25 07:14:44 EDT 2014


Should be in scan.rules. 

See the first word?  All in caps?  That's the category. Should be in that rule file. 

However, it looks like you are running a very old version of the rules.  You probably will want to update. 

--
Joel Esler
Sent from my iPhone

> On Jun 25, 2014, at 2:18, "basant subba" <basantsubba at ...11827...> wrote:
> 
> When I run snort, I get  a lot of "SCAN UPnP service discover attempt" alerts with SID 1917? How do I suppress this alert? Which .rules file contains the signature corresponding to this alarm? Also is it something I should keep track of?
> ------------------------------------------------------------------------------
> Open source business process management suite built on Java and Eclipse
> Turn processes into business applications with Bonita BPM Community Edition
> Quickly connect people, data, and systems into organized workflows
> Winner of BOSSIE, CODIE, OW2 and Gartner awards
> http://p.sf.net/sfu/Bonitasoft
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list