Snort mailing list archives
Finding and Removing Rules
From: "Jones, Christopher (Chris) (Maj) via Snort-users" <snort-users () lists snort org>
Date: Fri, 7 Jul 2017 23:28:57 +0000
All,

There have been some difficult questions brought forward lately so here's an easy one. I'm commenting out rules that are generating a bunch of alerts that don't appear to be risky. Most rules are nicely named so I can find them in the appropriate rule file and comment them out. This latest one is not so easy:

[**] [129:15:1] Reset outside window [**] [Classification: Potentially Bad Traffic] [Priority: 2]

Two questions:

1. How do I read the [129:15:1]?
2. Is this rule in a regular rule file, preprocessor or other file?

Thanks very much.

CJ