Snort mailing list archives
Same source/dest
From: Keg <snrtlst () netscape net>
Date: Tue, 01 Apr 2003 16:19:47 -0500
I have disabled 'bad traffic same src/dst' in bad-traffic rules but I just want to check with you my thoughts on that. I was receiving a lot of those on port 25 for public IP and DMZ IP of my mail server. My guess at this point is that the snort rule is triggered because each time mail is received or even ident lookup is done the traffic is passed between NATed IP and source IP of the mail server, this in turn triggers the rule. That's why I disabled it (I was having a new entry each second in Acid, you can guess how fast the database will be populated with those errors). I just want to hear your opinion on that... probably I shouldn't have done that?