I have two signature, TCP_Overlap_Data and HTTP_NCSA_Buffer_Overflow, that are generating lots of events. I set Event Propagation for each signature to Use Source Address and Use Source Port for duplicates, and have Flood Protection set. I have set Event Filtering to Ignore duplicate events for 360 seconds. However, I am still getting thousands of these an hour. What am I doing wrong? How can I reduce the number of these events coming in?
I am using SiteProtector 2.0 with a 6.5 Nokia Network sensor. Thanks Dan Wangler, GCIA, IT Security Administrator IT Security Response Team, Texas Instruments, Inc. Spring Creek Bldg 1, C196 6500 Chase Oaks Blvd, MS 8417, Plano, Texas, 75023 Tel #: 214-567-8304; Email: [EMAIL PROTECTED] _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
