Snort mailing list archives
Problems with snort
From: Philip Edwards <phil.e () clara net>
Date: Mon, 26 Mar 2012 10:24:24 +0000
Hello everybody, I've recently setup snort 2.9.2 on Ubuntu, and used oinkmaster to get the 2921 rules. It runs fine in Daemon mode and the base interface is reporting alerts. The machine only currently has one NIC so i'm attempting to generate alerts from my laptop on the same network. I've tried ping flooding it and port scanning it but every alert is currently showing up as a "Community SIP TCP/IP message flooding directed to SIP proxy SID 100000160". Ive been led to believe that since i haven't tuned it yet these are false positives and will disappear when i have. My question is why are portscans and ping floods showing up as the same thing and why none of the three SID's detected so far appear in the online database? Thanks Phil.
------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Problems with snort Philip Edwards (Mar 26)
- Re: Problems with snort Nick Moore (Mar 26)
- Re: Problems with snort Joel Esler (Mar 26)
- Re: Problems with snort Nick Moore (Mar 26)