[Oisf-users] threshold will not work on suricata v1.4.1

Peter Manev petermanev at gmail.com
Fri Mar 22 13:05:08 UTC 2013


Hi Stefan,

So you are saying it was working before... and now it is not again?
Thanks

On Fri, Mar 22, 2013 at 2:03 PM, Stefan Sabolowitsch <
Stefan.Sabolowitsch at felten-group.com> wrote:

> Hi all,
> I have here the latest Suricata (in IPS mode) on CentOS 6.4 with a 3.8 kernel.
>
> These rules
>
> suppress gen_id 139, sig_id 2002068, track by_src, ip 192.168.1.37
> suppress gen_id 139, sig_id 2002068, track by_dst, ip 192.168.1.37
>
> or these will not work
>
> suppress gen_id 139, sig_id 2002068, track by_src, ip 192.168.100.120
> suppress gen_id 139, sig_id 2002068, track by_dst, ip 192.168.100.120
>
> I always get this alarm on suri (no errors seen in the suri log file)
>
> Mar 22 01:59:19 ipd1 snort[7533]: [1:2002068:8] ET EXPLOIT NDMP Notify Connect - Possible Backup Exec Remote Agent Recon [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.168.100.120:10000 -> 192.168.1.37:59918
>
> Any help here?
>
> Best regards
> Stefan



-- 
Regards,
Peter Manev
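
An added example, not part of the original messages and not Suricata's own code: a small Python check that parses suppress lines and a fast-format alert like those quoted above and reports, field by field, whether each entry covers the alert. It assumes the bracketed triple in the alert is gid:sid:rev and that `ip` is a single IPv4 address or CIDR; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input, copied from the lines quoted in the message above.
SUPPRESS = """\
suppress gen_id 139, sig_id 2002068, track by_src, ip 192.168.100.120
suppress gen_id 139, sig_id 2002068, track by_dst, ip 192.168.100.120
"""
ALERT = ("Mar 22 01:59:19 ipd1 snort[7533]: [1:2002068:8] ET EXPLOIT NDMP Notify "
         "Connect - Possible Backup Exec Remote Agent Recon [Classification: "
         "Attempted Information Leak] [Priority: 2] {TCP} "
         "192.168.100.120:10000 -> 192.168.1.37:59918")

SUPPRESS_RE = re.compile(r"^\s*suppress\s+gen_id\s+(\d+)\s*,\s*sig_id\s+(\d+)"
                         r"(?:\s*,\s*track\s+(by_src|by_dst)\s*,\s*ip\s+(\S+))?\s*$")
ALERT_RE = re.compile(r"\[(\d+):(\d+):\d+\].*\{\w+\}\s+([\d.]+):\d+\s+->\s+([\d.]+):\d+")

def parse_suppress(text):
    """Parse suppress lines into dicts; comments and other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SUPPRESS_RE.match(line.split("#", 1)[0])
        if m:
            gid, sid, track, ip = m.groups()
            net = ipaddress.ip_network(ip, strict=False) if ip else None
            entries.append({"gid": int(gid), "sid": int(sid), "track": track, "net": net})
    return entries

def parse_alert(line):
    """Extract gid, sid and the IPv4 endpoints from a fast-format alert line."""
    m = ALERT_RE.search(line)
    if not m:
        raise ValueError("not a recognisable alert line")
    gid, sid, src, dst = m.groups()
    return {"gid": int(gid), "sid": int(sid),
            "by_src": ipaddress.ip_address(src), "by_dst": ipaddress.ip_address(dst)}

def mismatches(entry, alert):
    """Return the reasons an entry does not cover the alert ([] means it does)."""
    reasons = [f"{k} {entry[k]} != alert {k} {alert[k]}"
               for k in ("gid", "sid") if entry[k] != alert[k]]
    if entry["track"] and alert[entry["track"]] not in entry["net"]:
        reasons.append(f"{entry['track']} {alert[entry['track']]} not in {entry['net']}")
    return reasons

if __name__ == "__main__":
    alert = parse_alert(ALERT)
    for e in parse_suppress(SUPPRESS):
        print(e["track"], e["net"], "->", mismatches(e, alert) or "covers the alert")
```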