[Oisf-users] threshold will not work on suricata v1.4.1

Stefan Sabolowitsch Stefan.Sabolowitsch at felten-group.com
Fri Mar 22 13:03:06 UTC 2013


Hi all,
I have here the latest Suricata (in IPS mode) on CentOS 6.4 with a 3.8 kernel.

These rules

suppress gen_id 139, sig_id 2002068, track by_src, ip 192.168.1.37
suppress gen_id 139, sig_id 2002068, track by_dst, ip 192.168.1.37

or these will not work

suppress gen_id 139, sig_id 2002068, track by_src, ip 192.168.100.120
suppress gen_id 139, sig_id 2002068, track by_dst, ip 192.168.100.120

I always get this alarm from Suricata (no errors seen in the Suricata log file):


Mar 22 01:59:19 ipd1 snort[7533]: [1:2002068:8] ET EXPLOIT NDMP Notify Connect - Possible Backup Exec Remote Agent Recon [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.100.120:10000 -> 192.168.1.37:59918


Any help here?

Best regards
Stefan
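An added example, not from the post or the Suricata project: it parses threshold.conf `suppress` entries and a syslog/fast.log-style alert line (using the values quoted above, embedded as constructed input) and reports which entries would match the alert, which is the first thing to check when a suppress rule appears to have no effect. It assumes the bracketed field in the alert is `gen_id:sig_id:rev` and supports only a single IP or CIDR in the `ip` field.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed input: the suppress entries and the alert line quoted in the post.
SUPPRESS_LINES = [
    "suppress gen_id 139, sig_id 2002068, track by_src, ip 192.168.1.37",
    "suppress gen_id 139, sig_id 2002068, track by_dst, ip 192.168.1.37",
]
ALERT = ("Mar 22 01:59:19 ipd1 snort[7533]: [1:2002068:8] ET EXPLOIT NDMP Notify Connect"
         " - Possible Backup Exec Remote Agent Recon [Classification: Attempted Information"
         " Leak] [Priority: 2] {TCP} 192.168.100.120:10000 -> 192.168.1.37:59918")

SUPPRESS_RE = re.compile(
    r"^\s*suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)\s*,"
    r"\s*track\s+(by_src|by_dst)\s*,\s*ip\s+(\S+)\s*$")
# [gid:sid:rev] ... {PROTO} src:port -> dst:port
ALERT_RE = re.compile(r"\[(\d+):(\d+):\d+\].*\{\w+\}\s+([^\s:]+):\d+\s+->\s+([^\s:]+):\d+")


def parse_suppress(line):
    """Parse one threshold.conf suppress entry into its matching criteria."""
    m = SUPPRESS_RE.match(line)
    if not m:
        raise ValueError("unsupported suppress syntax: %r" % line)
    gid, sid, track, ip = m.groups()
    return {"gen_id": int(gid), "sig_id": int(sid), "track": track,
            "net": ip_network(ip, strict=False)}  # single IP or CIDR only (assumption)


def parse_alert(line):
    """Extract gen_id, sig_id and the endpoint addresses from an alert line."""
    m = ALERT_RE.search(line)
    if not m:
        raise ValueError("unrecognised alert format: %r" % line)
    gid, sid, src, dst = m.groups()
    return {"gen_id": int(gid), "sig_id": int(sid),
            "src": ip_address(src), "dst": ip_address(dst)}


def suppressed_by(alert, rule):
    """True when the rule's gen_id/sig_id match and the tracked address is in its ip."""
    if (alert["gen_id"], alert["sig_id"]) != (rule["gen_id"], rule["sig_id"]):
        return False
    tracked = alert["src"] if rule["track"] == "by_src" else alert["dst"]
    return tracked in rule["net"]


def check(alert_line, suppress_lines):
    """Return [(suppress line, matches?)] for every entry against the alert."""
    alert = parse_alert(alert_line)
    return [(line, suppressed_by(alert, parse_suppress(line))) for line in suppress_lines]


if __name__ == "__main__":
    for line, hit in check(ALERT, SUPPRESS_LINES):
        print("MATCH  " if hit else "no match", line)
```

Run it against the entries actually loaded by the running instance; an entry that never matches points at a gen_id/sig_id or address mismatch rather than at the suppress mechanism itself.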