Re: [Snort-users] Alert Suppresion Fail
There is no sid of 16. What alert are you trying to suppress? Are you trying to suppress "http_inspect: OVERSIZE CHUNK ENCODING"? That would be gen_id 119, sig_id 16.

Check out your gen-msg.map and sid-msg.map in your etc/ directory in Snort.

Joel

On May 18, 2006, at 6:07 PM, kritikus Araklidas wrote:

> Hi everyone:
>
> I have installed Snort 2.4.4 and after some weeks monitoring my network I'm still working on threads suppression, so, some of them work fine but some of them don't work, like the following:
>
> GEN:SID 1:16
>
> Message Sorry, no such sid-gen (1:16)
>
> I configured the suppression rule in the threshold.conf file like:
>
> suppress gen_id 1, sig_id 16, track by_src, ip X.X.X.0/24
>
> But the suppression doesn't work; the same thing happened with the GEN:SID with no information on snort database.
>
> Any idea is appreciated.
>
> Regards.
>
> Chris.

--Joel
joel.esler@sourcefire.com
http://demo.sourcefire.com/jesler.pgp.key

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
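
The check Joel describes (looking the pair up in gen-msg.map and sid-msg.map) can be scripted so that a suppress line naming a non-existent gen:sid is caught before Snort silently ignores it. This is an added example, not part of the original thread or of Snort. The map excerpts, rule 1000001 and the 192.0.2.0/24 network are constructed, and treating every sid-msg.map entry as generator 1 is an assumption.

```python
import re

# Constructed excerpts in the "||"-separated layout of Snort's etc/ map files.
GEN_MSG_MAP = """\
# generator id || alert id || message
119 || 16 || http_inspect: OVERSIZE CHUNK ENCODING
"""
SID_MSG_MAP = """\
# sid || message || references
1000001 || LOCAL constructed rule || url,example.invalid
"""
THRESHOLD_CONF = """\
# constructed threshold.conf
suppress gen_id 1, sig_id 16, track by_src, ip 192.0.2.0/24
suppress gen_id 119, sig_id 16, track by_src, ip 192.0.2.0/24
suppress gen_id 1, sig_id 1000001
"""
SUPPRESS = re.compile(r"^\s*suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)")

def _rows(text, min_fields):
    # Yield the stripped fields of each non-comment map line that starts with a number.
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("||")]
        if len(fields) >= min_fields and fields[0].isdigit():
            yield fields

def load_known(gen_map, sid_map):
    # Build {(gen_id, sig_id): message} from both map files.
    known = {}
    for gen, sig, msg, *_ in _rows(gen_map, 3):
        if sig.isdigit():
            known[(int(gen), int(sig))] = msg
    for sid, msg, *_ in _rows(sid_map, 2):
        known[(1, int(sid))] = msg  # assumption: text rules belong to generator 1
    return known

def check_suppress(conf, known):
    # Return (line_no, (gen, sig), candidates) for suppress lines naming an unknown pair.
    findings = []
    for n, line in enumerate(conf.splitlines(), 1):
        m = SUPPRESS.match(line)
        if m and (pair := (int(m.group(1)), int(m.group(2)))) not in known:
            # The same sig_id under another generator is the likely intended target.
            findings.append((n, pair, sorted(k for k in known if k[1] == pair[1])))
    return findings

if __name__ == "__main__":
    known = load_known(GEN_MSG_MAP, SID_MSG_MAP)
    for n, (gen, sig), cands in check_suppress(THRESHOLD_CONF, known):
        print(f"line {n}: no such gen:sid {gen}:{sig}; same sig_id exists as {cands}")
```

On the constructed input it flags only the `gen_id 1, sig_id 16` line and points to 119:16, the pair named in the reply above.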