Snort mailing list archives

problems with PP


From: Pratik Narang <pratik.cse.bits () gmail com>
Date: Fri, 14 Sep 2012 19:00:27 +0530

I enabled the 'security' policy via PP and have been getting these kinds of
alerts by the dozen:

09/14-18:55:28.774651  [**] [1:16282:3] PUA-P2P Bittorrent uTP peer request
 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1]
{UDP} 172.16.39.102:23943 -> 172.16.100.107:60294
09/14-18:55:28.774654  [**] [1:16282:3] PUA-P2P Bittorrent uTP peer request
 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1]
{UDP} 172.16.39.102:23943 -> 172.16.100.107:60294
09/14-18:55:28.774656  [**] [1:16282:3] PUA-P2P Bittorrent uTP peer request
 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1]
{UDP} 172.16.39.102:23943 -> 172.16.100.107:60294
09/14-18:55:28.774692  [**] [1:16282:3] PUA-P2P Bittorrent uTP peer request
 [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1]
{UDP} 172.16.39.102:23943 -> 172.16.100.107:60294

I put that sig id into my disablesid.conf, but I continue to get the
alerts. What could be wrong here? What is the correct way of putting the
sids: 16282, 1:16282, or 1:16282:3?
I also tried putting the category 'VRT-p2p' in disablesid.conf, but to no
avail :(