Thursday, August 04, 2011

Snort and Thresholding Noisy Alerts

I'm trying to stay sharp as a security techie, so I've been trying to contribute to Linux and security forums.  There's a guy who was asking how to use bpf.conf with Snort.  I suggested he use threshold.conf instead.  I actually referenced this (I love TaoSecurity) to help him.  He was being flooded with "SHELLCODE x86 inc ecx NOOP" alerts.  The assistance thread is here, at