[Snort-users] NIPS Rules

Manojit Ghosh a46105 at gmail.com
Mon Aug 21 14:25:40 EDT 2017


Hi,

I have installed Snort 2.9.9.0 on Windows 7 Professional 32-bit and am running
it using the command

    snort -i 3 -c C:\Snort\etc\snort.conf -A fast

In the alert.ids file, I see a lot of "Reset outside window" alerts, such as
this:

    08/21-23:16:37.473511  [**] [129:15:1] Reset outside window [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:443 -> XXXX:XXXX:XXXX:XXXX:XXXX:57462

I have reason to believe that these alerts are the result of malicious
activities. I want to protect my network from these attacks. Please provide
me the precise instructions to prevent these attacks, i.e. the rule(s), the
file to place the rule(s) in, and the location of the file.

-- 
Manojit Ghosh
CEO, A Joshing Moth
ajoshingmoth.blogspot.in
