Snort mailing list archives
RE: Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP"
From: "Mike Kelley" <mikek () m-v-t com>
Date: Mon, 17 Oct 2005 14:52:48 -0600
I have read and re-read those pages on the manual ... I find nothing in the config <DIRECTIVES> area of the snort manual that hints it would help me suppress this traffic (system wide let alone for 2 IPs) .... help a blind PHB (<== Dilbertism) to see

Mike

-----Original Message-----
From: Matt Kettler [mailto:mkettler () evi-inc com]
Sent: Monday, October 17, 2005 2:32 PM
To: Mike Kelley
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Can't suppress "(snort decoder) Bad Traffic Same Src/Dst IP"

Mike Kelley wrote:
I have 2 machines for which this traffic is "normal"
I have looked for the rule that triggers SPECIFICALLY this alert ... I can't find it

This isn't a rule, it's an alert generated directly by the snort decoder itself.

http://www.networksecurityarchive.org/html/Snort-Signatures/2005-09/msg00066.html