[Snort-users] what is the command line to use ignore.rules - pass ip

wkitty42 at ...14940... wkitty42 at ...14940...
Mon Jan 25 15:51:00 EST 2016


On 01/25/2016 01:52 PM, hernani coelho wrote:
> 01/25-18:38:23.425307  [**] [129:15:1] Reset outside window [**]
> [Classification: Potentially Bad Traffic] [Priority: 2] {TCP}
> 2001:8a0:715b:a001:6468:ef70:1e41:e568:58261 ->
> 2606:2800:234:124e:17ca:871:eb2:2067:443

this is one of your internal IPs sending a RST to an outside IP... learn more 
about it at the following link...

https://www.google.com/search?q=snort+"Reset+outside+window"


then you might want to read about threshold.conf ;)

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.




More information about the Snort-users mailing list