Snort mailing list archives
Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP"
From: "Mike Kelley" <mikek () m-v-t com>
Date: Mon, 17 Oct 2005 14:27:07 -0600
I have 2 machines for which this traffic is "normal". I have looked for the rule that triggers SPECIFICALLY this alert ... I can't find it. The SID is 1:151, but there is no matching description; this SID points to other alerts (BACKDOOR DeepThroat 3.1 Client Sending Data to Server on Network). There is another BAD TRAFFIC alert and I was able to suppress that one. I was advised on the snort.org forum to upgrade from 2.4.0 to 2.4.1, but I made the jump to 2.4.2 and I am still getting overloaded with these alerts. I have tried the RTFM approach ... I have searched the snort forums and read through any relevant posts I can find ... all to no avail ... any help would be greatly appreciated.

Mike K