[Snort-users] what is the command line to use ignore.rules - pass ip

wkitty42 at ...14940... wkitty42 at ...14940...
Mon Jan 25 15:51:00 EST 2016

On 01/25/2016 01:52 PM, hernani coelho wrote:
> 01/25-18:38:23.425307  [**] [129:15:1] Reset outside window [**]
> [Classification: Potentially Bad Traffic] [Priority: 2] {TCP}
> 2001:8a0:715b:a001:6468:ef70:1e41:e568:58261 ->
> 2606:2800:234:124e:17ca:871:eb2:2067:443

this is one of your internal IPs sending a RST to an outside IP... learn more 
about it at the following link...


then you might want to read about threshold.conf ;)

  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

More information about the Snort-users mailing list