Snort mailing list archives
Re: How can I filter...
From: Fred Edwards <Fred.Edwards () STMARYS CA>
Date: Fri, 22 Jun 2001 10:29:27 -0300
apologies if the question was simple ;-) another one however does come to mind... I get enormous "ICMP Destination Unreachable" traffic from my DNS server hence the reason for filtering it out... is this a good idea? I get bombarded by line after line of these alerts and it makes it tedious at best to distinguish any valid alerts of this nature and an incredible pain to pick out other (what I would suspect) more important alerts... so again, is filtering out these a good idea? Fred Edwards ----- Original Message ----- From: "Vitaly Osipov" <vosipov () wolfegroup ie> To: "Fred Edwards" <Fred.Edwards () STMARYS CA> Cc: "snort-l" <snort-users () lists sourceforge net> Sent: Friday, June 22, 2001 9:53 AM Subject: Re: [Snort-users] How can I filter... RTFM and comment out all the rules in icmp.conf (or maybe somewhere else in .conf files) which match the signature you don't want to be reported :) regards, Vitaly. Fred Edwards wrote:
I have the feeling that this question has been asked more times then
I
could count, but I would like a bit of help just the same... How can I filter out or remove the incredible amounts of "snort:
ICMP
Destination Unreachable" alerts that I get? Thanks! ============================================ Fred Edwards Library Systems Technician Patrick Power Library Saint Mary's University Halifax, Nova Scotia B3H 3C3 Phone: (902) 420-5096 Fax: (902) 420-5561 E-mail: Fred.Edwards () StMarys ca Website: http://www.stmarys.ca/administration/library/ ============================================ Quis custodiet ipsos custodes? _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How can I filter... Fred Edwards (Jun 22)
- Re: How can I filter... Vitaly Osipov (Jun 22)
- Re: How can I filter... Fred Edwards (Jun 22)
- Re: How can I filter... Vitaly Osipov (Jun 22)