Snort mailing list archives
Re: how to stop these UDP TCP alerts?
From: jlarsson () altavoz net
Date: Wed, 24 Sep 2003 15:26:13 -0400 (CLT)
Do you mean this section... ? What i mean is that i dont understand what these option do and what their explanations mean.. /Johan # Configure the snort decoder: # ============================ # # Stop generic decode events: # # config disable_decode_alerts # # Stop Alerts on experimental TCP options # config disable_tcpopt_experimental_alerts # # Stop Alerts on obsolete TCP options # config disable_tcpopt_obsolete_alerts # # Stop Alerts on T/TCP alerts # config disable_ttcp_alerts # # Stop Alerts on all other TCPOption type events: # # config disable_tcpopt_alerts # # Stop Alerts on invalid ip options # config disable_ipopt_alerts Quoting Erek Adams <erek () snort org>:
On Wed, 24 Sep 2003, jlarsson () altavoz net wrote:I have scanned through mailinglists looking for which "false alerts"these TCPchecks will stop. I get the following messages in my alert file (snort_decoder): Short UDP packet, length field > payload length (snort_decoder) WARNING: TCP Header length exceeds packet length! (snort_decoder): Truncated Tcp Options where can i find an explanation of what these means "Stop genericdecode event","Stop alerts on experimental TCP options", etc.Have a look in snort.conf. There's a whole section that deals with those types of alerts! :) ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- how to stop these UDP TCP alerts? Clayton Mascarenhas (Sep 22)
- Re: how to stop these UDP TCP alerts? Erek Adams (Sep 23)
- Re: how to stop these UDP TCP alerts? jlarsson (Sep 24)
- Re: how to stop these UDP TCP alerts? Erek Adams (Sep 24)
- Re: how to stop these UDP TCP alerts? jlarsson (Sep 24)
- Re: how to stop these UDP TCP alerts? Phil Wood (Sep 25)
- Re: how to stop these UDP TCP alerts? jlarsson (Sep 24)
- Re: how to stop these UDP TCP alerts? Erek Adams (Sep 23)