Snort mailing list archives
false positive + NAT
From: Frederic Lemoine <Frederic.Lemoine () Manpowerinc com>
Date: Mon, 17 Sep 2001 15:09:16 +0200
Hello,

We do network address translation (hide mode) on the firewall. I have a lot of alerts like

WEB-MISC http directory traversal
WEB-MISC ultraboard access
WEB-MISC whisker head

source IP: our firewall, high ports
destination IP: web sites, port 80

This is obviously the traffic back to the web servers, firstly originated by our users from the Internal LAN. I am wondering how not to log this kind of traffic, and why does snort identify this as an attempt.

F.