Snort mailing list archives
how to fast locate the rule by the alert?
From: Lin.Zhong () Dartmouth EDU (Lin Zhong)
Date: 15 Mar 2004 18:30:17 EST
I am trying to block some of the alerts when using snort as IDS. Do you know how I can locate the rules for that specific alert? Because I use snort to read the header, it creates a lot of unwanted alerts like

[**] [116:97:1] (snort_decoder): Short UDP packet, length field > payload length [**]
[Priority: 0]
12/12-21:00:02.815941 129.170.16.4:0 -> 129.170.47.15:0
UDP TTL:62 TOS:0x0 ID:53952 IpLen:20 DgmLen:176
Len: 148

Do you know how I can get rid of them?

Thanks,