Snort mailing list archives
Re: Proxy Servers generating false positives
From: Jason Haar <Jason.Haar () trimble co nz>
Date: Sat, 31 Oct 2009 15:48:56 +1300
On 10/31/2009 10:57 AM, Jefferson, Shawn wrote:
Well, I could see straight off the bat that you would be possibly giving up detection on attack responses and malware that is proxy-aware.
Indeed, I can assert that snort picks up tonnes of malware via our proxies. What makes the original poster so sure snort is triggering false positives? (to such an extent that you'd contemplate BPF filtering out proxy traffic instead of turning off a few FP rules) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Proxy Servers generating false positives Chan, Wilson (Oct 30)
- Re: Proxy Servers generating false positives Jefferson, Shawn (Oct 30)
- Re: Proxy Servers generating false positives Jason Haar (Oct 30)
- Re: Proxy Servers generating false positives Brandon Harms (Oct 31)
- Re: Proxy Servers generating false positives Nigel Houghton (Oct 31)
- Re: Proxy Servers generating false positives Brandon Harms (Nov 02)
- Re: Proxy Servers generating false positives Jason Haar (Oct 30)
- Re: Proxy Servers generating false positives Jefferson, Shawn (Oct 30)
- <Possible follow-ups>
- Re: Proxy Servers generating false positives Chan, Wilson (Oct 30)
- Re: Proxy Servers generating false positives Chan, Wilson (Oct 30)
- Re: Proxy Servers generating false positives Jason Haar (Oct 30)