Snort mailing list archives

how to get snort to ignore kazaa


From: peter moody <peter () ucsc edu>
Date: 28 Apr 2003 10:21:53 -0700

Hello,

The short story is this:  I'd like to find a way to get snort to ignore
kazaa traffic.

The long story is this:  I work for a university and we've got two boxes
running snort looking for "bad traffic".  We also subscribe to one of
those online event correlation services which send out daily notices of
the worst offenders and what not.  The problem is that, every day, our
users are being flagged as the worst offenders and so far, 100% of the
time, the offense has had to do with port scanning related to p2p apps
(kazaa being the most found).

So, short of turning off the portscan2 preprocessor, is there any way to
get snort to ignore this traffic?  I've got other tools which monitor
bandwidth usage on a per-user basis, so I'm not really worried about
this p2p traffic.  

So, does anyone have any advice?

TIA.

-Peter

-- 
Peter Moody                             <peter () ucsc edu>
InfoSec Administrator                   831/459.5409
Communications and Technology Services. http://mustard.ucsc.edu/pubkey
UC, Santa Cruz.
:wq
