Snort mailing list archives
(no subject)
From: Lakshmi <lakshmi_rm () sify com>
Date: Sat, 21 Sep 2002 11:04:50 +0600 (IST)
Hi all, The IDS we use works on snort 1.8.3 and we use demarc 1.05 to monitor the alerts.Our alerts consists of a number of "spp_unidecode: Invalid Unicode String detected". Is there any problem if this alert is disabled as a whole? will any genuine alert be prevented from coming up in doing so?..that is will we miss out any attempted intrusion from being alerted?while monitoring the payloads of these alerts we felt that only some of them refer to some suspicious activity.Is there any possibility to restrict this alert for specified ips alone? Can someone help out? ------------------------------------------------- Sify Mail - now with Anti-virus protection powered by Trend Micro, USA. Know more at http://mail.sify.com Want to get into IIM? Take the Sify Mock CAT now! http://education.sify.com/mockcat ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (no subject), (continued)
- (no subject) Lionel Fairon (Aug 28)
- Re: (no subject) Roman Danyliw (Sep 05)
- (no subject) Marc Dreher (Sep 06)
- Issue with barnyard & unified alert log file Marc Dreher (Sep 06)
- (no subject) Earl D. Fife (Sep 11)
- (no subject) Sergg B. (Sep 15)
- (no subject) snort bsd (Sep 22)
- (no subject) Roger Parx (Sep 24)
- RE: (no subject) Wayne T Work (Sep 24)
- Re: (no subject) Joe Giles (Sep 24)
- (no subject) Lakshmi (Sep 25)
- (no subject) 赵光明 (Sep 28)