Snort mailing list archives
false positives triggered by i2hub
From: Matt Richard <matt.richard () fandm edu>
Date: Thu, 20 Jan 2005 11:48:19 -0500
The p2p application i2hub (http://www.i2hub.com/) seems to trigger false positives for several ftp rules. I found events for SIDs 1377, 1378, 1748, 1777, 1778, 1992, 2417.
It's not clear to me if it always runs on port 21, or if it just happened to find 21 in this case.
Since our students returned this week, I had about a half-million events due to this.
-Matt

--
Matt Richard
Access and Security Coordinator
Computing Services
Franklin & Marshall College
matt.richard () fandm edu
(717) 291-4157