Snort mailing list archives
false alerts
From: "support" <support () mifellowship org>
Date: Thu, 24 Jan 2002 11:22:52 +1100
I am having a problem with snort ... I apologize in advance for the nature of the question, however...

When running Snort 1.8.3 in daemon mode with no output modules I am receiving false alerts from my internal network. Below is an excerpt from my logs

"
Jan 24 10:23:46 proxy snort[12568]: [1:618:1] INFO - Possible Squid Scan [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.168.0.10:1387 -> 192.168.0.8:3128
Jan 24 10:23:49 proxy snort[12568]: [1:618:1] INFO - Possible Squid Scan [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.168.0.10:1388 -> 192.168.0.8:3128
"

The snort.conf file is from version 1.8.1 and defines the internal network both in HOME_NET and within the preprocessor portscan-ignorehosts.

Any suggestions would be greatly appreciated.

David
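
A triage sketch for the alerts quoted above, added here as an example and not part of the original post or of Snort: it parses the syslog alert format and counts alerts whose source and destination both fall inside the home network, grouped by rule and host pair. The 192.168.0.0/24 value for HOME_NET is an assumption; the post does not give it.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the post does not state the HOME_NET value.
HOME_NET = ipaddress.ip_network("192.168.0.0/24")

# The two alert lines quoted in the post above.
SAMPLE = """\
Jan 24 10:23:46 proxy snort[12568]: [1:618:1] INFO - Possible Squid Scan [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.168.0.10:1387 -> 192.168.0.8:3128
Jan 24 10:23:49 proxy snort[12568]: [1:618:1] INFO - Possible Squid Scan [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 192.168.0.10:1388 -> 192.168.0.8:3128
"""

# [gid:sid:rev] message [Classification: ...] [Priority: n]: {PROTO} src:port -> dst:port
ALERT_RE = re.compile(
    r"snort\[\d+\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"\[Classification: (?P<cls>[^\]]*)\] \[Priority: (?P<prio>\d+)\]: "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_alerts(text):
    """Return one dict per Snort syslog alert line; other lines are skipped."""
    return [m.groupdict() for m in map(ALERT_RE.search, text.splitlines()) if m]


def internal_only(alerts, home_net=HOME_NET):
    """Count alerts with both endpoints inside home_net, keyed by
    (sid, src, dst, dport), so noisy internal client/server pairs stand out."""
    counts = Counter()
    for a in alerts:
        src = ipaddress.ip_address(a["src"])
        dst = ipaddress.ip_address(a["dst"])
        if src in home_net and dst in home_net:
            counts[(int(a["sid"]), a["src"], a["dst"], int(a["dport"]))] += 1
    return counts


if __name__ == "__main__":
    for (sid, src, dst, dport), n in internal_only(parse_alerts(SAMPLE)).most_common():
        print(f"sid={sid} {src} -> {dst}:{dport} internal-only alerts={n}")
```

Pairs that dominate this count are the ones to compare against the source and destination variables of the rule with that SID in the loaded rules file.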