Snort mailing list archives

Previous By Date Next
Previous By Thread Next

false alerts

From: "support" <support () mifellowship org>
Date: Thu, 24 Jan 2002 11:22:52 +1100
I have am having a problem with snort ...
I apologize in advance for the nature of the question , however...
When running Snort 1.8.3 in daemon mode with no output modules I am
receiving false alerts from my internal network. Below is an excerpt from my
logs

"
Jan 24 10:23:46 proxy snort[12568]: [1:618:1] INFO - Possible Squid Scan
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
192.168.0.10:1387 -> 192.168.0.8:3128
Jan 24 10:23:49 proxy snort[12568]: [1:618:1] INFO - Possible Squid Scan
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
192.168.0.10:1388 -> 192.168.0.8:3128
"
The snort.conf file is from version 1.8.1 and defines the internal network
both in HOME_NET and within the preprocessor portscan-ignorehosts
Any suggestions would be greatly appreciated.

David





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: