Snort mailing list archives

So many of false alerts

From: "Syed Mohammad Talha" <talha () cbq com qa>
Date: Sat, 20 Oct 2001 08:14:37 +0300

MessageHi,

I am getting so many of false alerts, like;

MISC source port 53 to <1024         7648
UDP scan                                               594
DNS zone transfer [arachNIDS]        396
TCP ******S* scan                                    291
Virus - Possible pif Worm                    197

and lots of more, can some one help me in reducing these.



Regards.

Talha

Current thread:

Snort on Checkpoint Firewall-1 Dresen, Scott (Oct 19)
- RE: Snort on Checkpoint Firewall-1 Ofir Arkin (Oct 19)
  - So many of false alerts Syed Mohammad Talha (Oct 19)
- Re: Snort on Checkpoint Firewall-1 Fyodor (Oct 20)