Snort mailing list archives

Re: DOS MSDTC attempt false positive


From: Roberto Suarez Soto <robe () alfa21 com>
Date: Thu, 9 May 2002 10:25:12 +0200

On May/09, Kenny D wrote:

> I was thinking of writing a pass rule to ignore
> alerts where source port is 80 and destination port
> 1023.

        I've simply added a pass rule for connections from 80 on an external
host to 3372 on some of the local hosts (i.e., the web proxy). It works, and I
don't think I'm being much more vulnerable by ignoring these connections.
Besides, the 3372 is closed on the firewall by default, so that's another
reason to be sure about that :-)

-- 
Roberto Suarez Soto                                     Alfa21 Outsourcing
    robe () alfa21 com                               http://www.alfa21.com
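
The kind of pass rule the message above describes, as an added example that is not taken from the original post. `WEB_PROXY` and its address are assumptions made for illustration; `EXTERNAL_NET` is the usual snort.conf variable.

```snort
# Hypothetical variable: the local host(s) that legitimately talk to
# external web servers. 192.0.2.10 is a constructed documentation address.
var WEB_PROXY 192.0.2.10/32

# Ignore TCP traffic from source port 80 on an external host to port 3372
# on the proxy only, instead of on all of the home network, so the alert
# still fires for every other local host.
pass tcp $EXTERNAL_NET 80 -> $WEB_PROXY 3372
```

Snort releases of this period apply alert rules before pass rules by default, so a pass rule like this only suppresses the alert when Snort is started with `-o`, which changes the order to pass, alert, log. The source port is chosen by the sender, so keeping the destination limited to specific hosts, together with the firewall block on 3372 that the message mentions, is what keeps the exception narrow.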
