Snort mailing list archives

Problems with snort


From: Philip Edwards <phil.e () clara net>
Date: Mon, 26 Mar 2012 10:24:24 +0000




Hello everybody,

I've recently set up Snort 2.9.2 on Ubuntu, and used oinkmaster to get the 2921 rules.
It runs fine in daemon mode and the BASE interface is reporting alerts. The machine currently has only one NIC, so I'm attempting to generate alerts from my laptop on the same network. I've tried ping flooding it and port scanning it, but every alert is currently showing up as a "Community SIP TCP/IP message flooding directed to SIP proxy SID 100000160".

I've been led to believe that since I haven't tuned it yet these are false positives and will disappear when I have.
My question is why are portscans and ping floods showing up as the same thing, and why none of the three SIDs detected so far appear in the online database?

Thanks

Phil.

