Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort Glitch perhaps

From: Erek Adams <erek () snort org>
Date: Thu, 6 Mar 2003 12:23:56 -0500 (EST)
On Thu, 6 Mar 2003, Allan wrote:


I am using RH 8.0 with snort 1.9.1 and latest ACID.
When I modified the rules, I decided to turn on the porn rule.  I have 2
known users that surf when they shouldnt be "cest la vie".

What is interesting is when I log into the acid console from my home remote
computer, it starts flagging alerts, when I look they are pron alerts coming
from my snort box serving my home pc.  I am sitting in fromnt of my snort
box, and logging into acid console all is well, except I am seeing porn
rules coming from an outside address to my networ broadcast.


If you are surfing into your ACID box and looking at alerts, and Snort
just happens to sit on that same net....  Snort will see the pr0n keywords
and it will alert on that....  So each time you view an alert, you will
get an alert.  :-)

Use https, stunnel, ssh or something to encrypt the traffic back to your
outside location.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: