<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">
<div>Hi all,</div>
<div>i have here latest suricata (in IPS mode) on Centos 6.4 with 3.8 Kernel.</div>
<div><br>
</div>
<div>this rules</div>
<div><br>
</div>
<div>
<div>suppress gen_id 139, sig_id 2002068, track by_src, ip 192.168.1.37</div>
<div>suppress gen_id 139, sig_id 2002068, track by_dst, ip 192.168.1.37</div>
</div>
<div><br>
</div>
<div>or this will not work</div>
<div><br>
</div>
<div>
<div>suppress gen_id 139, sig_id 2002068, track by_src, ip 192.168.100.120</div>
<div>suppress gen_id 139, sig_id 2002068, track by_dst, ip 192.168.100.120</div>
</div>
<div><br>
</div>
<div>i get always this alarm on suri (no errors seen in sure log file)</div>
<div><br>
</div>
<div>
<pre style="margin-top: 0px; padding: 0px; line-height: 16px; color: rgb(57, 57, 57); text-align: left; "><font face="Calibri">Mar 22 01:59:19 ipd1 snort[7533]: [1:2002068:8] ET EXPLOIT NDMP Notify Connect - Possible Backup Exec Remote Agent Recon [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.100.120:10000 -> 192.168.1.37:59918
</font></pre>
</div>
<div>any help here ?</div>
<div><br>
</div>
<div>Best regards</div>
<div>Stefan</div>
</body>
</html>