RE: [Snort-users] snort and clarckconnect gatway

This is a discussion on RE: [Snort-users] snort and clarckconnect gatway within the Snort forums, part of the System Security and Security Related category; Add a suppress entry in your threshold.conf That's the correct way. =20 -----Original Message----- From: snort-users-admin@...


Go Back   Usenet Forums > System Security and Security Related > Snort

Reload this Page RE: [Snort-users] snort and clarckconnect gatway

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 02-25-2005
Chris Vaughan
 
Posts: n/a
Default RE: [Snort-users] snort and clarckconnect gatway
Add a suppress entry in your threshold.conf

That's the correct way.
=20

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net =
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Thomas =
Debost
Sent: Thursday, February 24, 2005 9:14 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] snort and clarckconnect gatway

hi,

Snort pinpointed a weird (i think) behaviour.

My CC gateway periodically pings my ADSL router. this small network =
being
obviously considered as outside, snort raises an alert for each ICMP
packet. This is quite annoying as it is basically false alarm (isn't =
it?).

multiple solutions now:

1. add the network composed of the router and the external gateway to =
the
HOME_NETWORK.

2. comment out the correct signatures in /et/snort/icmp-info.rules.

3. block ICMP packets between the router and the gateway.

which one would be your favourite ?



Thanks

Tomdeb


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id=14396&op=3Dick
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=3Dort-users




-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 10:57 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0