Snort mailing list archives
Filter Out a Snort Decoder
From: "Mike Maki" <mmaki () adelphia net>
Date: Mon, 5 Jan 2004 13:24:02 -0800
Using Snort version 2.1.0. I have an OpenBSD box running samba and for some reason it's sending out corrupt(?) browser election data that snort picks up as noted below: (snort\_decoder) WARNING: Not IPv4 datagram! IPv0: 192.168.1.12 -> 192.168.1.127 hlen=0 TOS=0 dlen=0 ID=0 flags=0 offset=0 TTL=0 chksum=230 UDP: port= -> dport: len= Payload: none My question is, how can set snort to not report this host for this issue? Thanks ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Filter Out a Snort Decoder Mike Maki (Jan 05)