Remove "IPV6 truncated header" in snort alerts howto

Quite a mouthful that title, eh? ;-)

Anyhow, if you get tons of an alert like

(snort decoder) IPV6 truncated header

and would like to remove it, open the file /etc/snort/threshold.conf/ in your favorite browser and add this line:

suppress gen_id 116, sig_id 273

Next, if you have just installed snort, open /etc/snort/snort.conf and find the following line:
# include threshold.conf
and replace it with:
include threshold.conf

Restart snort: /etc/init.d/snort restart

Now you should be set to go! :-)


Written by Jannich Brendle tor 19 januar 2012 In How to

tags: debianHIDSIDSNIDSsecurity

Related posts

social