Snort mailing list archives
Re: DOS MSDTC attempt false positive
From: Roberto Suarez Soto <robe () alfa21 com>
Date: Thu, 9 May 2002 10:25:12 +0200
On May/09, Kenny D wrote:
I was thinking of writing a pass rule to ignore alerts where source port is 80 and destination port1023.
I've simply added a pass rule for connections from 80 on a external host to 3372 on some of the local hosts (i.e., the web proxy). It works, and I don't think I'm being much more vulnerable by ignoring these connections. Besides, the 3372 is closed on the firewall by default, so that's another reason to be sure about that :-) -- Roberto Suarez Soto Alfa21 Outsourcing robe () alfa21 com http://www.alfa21.com _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- DOS MSDTC attempt false positive Kenny D (May 08)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 08)
- Re: DOS MSDTC attempt false positive Kenny D (May 08)
- Re: DOS MSDTC attempt false positive Roberto Suarez Soto (May 09)
- Re: DOS MSDTC attempt false positive Bill McCarty (May 10)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 11)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 11)
- Re: DOS MSDTC attempt false positive Bill McCarty (May 11)
- Re: DOS MSDTC attempt false positive Matt Kettler (May 08)