Snort mailing list archives
how to get snort to ignore kazaa
From: peter moody <peter () ucsc edu>
Date: 28 Apr 2003 10:21:53 -0700
Hello, the short story is this: I'd like to find a way to get snort to ignore kazaa traffic. The long story is this: I work for a university and we've got two boxes running snort looking for "bad traffic". We also subscribe to one of those online event correlation services which send out daily notices of the worst offenders and what not. The problem is that, every day, our users are being flagged as the worst offenders and so far, 100% of the time, the offense has had to do with port scanning related to p2p apps (kazaa being the most found). So, short of turning off the portscan2 preprocessor, is there anyway to get snort to ignore this traffic? I've got other tools which monitor bandwidth usage on a per-user basis, so I'm not really worried about this p2p traffic. So, does anyone have any advice? TIA. -Peter -- Peter Moody <peter () ucsc edu> InfoSec Administrator 831/459.5409 Communications and Technology Services. http://mustard.ucsc.edu/pubkey UC, Santa Cruz. :wq
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- how to get snort to ignore kazaa peter moody (Apr 28)