Snort mailing list archives
Re: Newbie
From: "Josh Berry" <josh.berry () netschematics com>
Date: Fri, 27 Feb 2004 17:25:32 -0600 (CST)
If you are monitoring the connection outside of the firewall, you are going to see tons of alerts coming from the internet. That does not mean that they are false positives; they are just not being filtered by the firewall. You need to tune your ruleset for what is valid in your environment and properly configure your $HOME_NET variable, setting $EXTERNAL_NET to !$HOME_NET. You are not doing anything wrong necessarily; you are always going to have false positives. It is the nature of IDS.
I have loaded Snort 2.1.0 on a Linux Fedora box, along with mysql and Acid. When I place the box on a hub with my gateway router I am flooded with alerts that can only be false positives. What am I doing wrong?

Jim

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Thanks,
Josh Berry, CISSP
CTO, VP of Product Development
LinkNet-Solutions
469-831-8543
josh.berry () linknet-solutions com
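The effect of the variable tuning suggested in the reply above, as an added example that is not part of the original messages or of Snort itself. It is a simplified model of how a rule header of the form `$EXTERNAL_NET any -> $HOME_NET any` selects traffic. The addresses, the packet list and the assumption that the untuned sensor has both variables set to `any` are constructed for illustration.

```python
import ipaddress

def in_var(ip, spec, variables):
    """Evaluate a Snort-style address spec: 'any', a CIDR block, '$VAR', or '!' negation."""
    if spec.startswith("!"):
        return not in_var(ip, spec[1:], variables)
    if spec.startswith("$"):
        return in_var(ip, variables[spec[1:]], variables)
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def count_alerts(packets, variables):
    """Count (src, dst) pairs matching the header '$EXTERNAL_NET any -> $HOME_NET any'."""
    return sum(
        1
        for src, dst in packets
        if in_var(src, "$EXTERNAL_NET", variables)
        and in_var(dst, "$HOME_NET", variables)
    )

# Constructed traffic as seen on a hub outside the firewall (documentation address ranges).
PACKETS = [
    ("198.51.100.7", "192.0.2.10"),   # internet -> protected network
    ("192.0.2.10", "198.51.100.7"),   # protected network -> internet
    ("192.0.2.10", "192.0.2.20"),     # internal -> internal
    ("198.51.100.7", "203.0.113.5"),  # internet -> someone else's network
]

# Assumed untuned state: both variables match everything.
UNTUNED = {"HOME_NET": "any", "EXTERNAL_NET": "any"}

# Tuned as the reply describes: HOME_NET is the protected range (constructed value),
# EXTERNAL_NET is everything that is not HOME_NET.
TUNED = {"HOME_NET": "192.0.2.0/24", "EXTERNAL_NET": "!$HOME_NET"}

if __name__ == "__main__":
    print("untuned matches:", count_alerts(PACKETS, UNTUNED))
    print("tuned matches:  ", count_alerts(PACKETS, TUNED))
```

With both variables at `any`, every packet satisfies the header; with the tuned values only the inbound packet from outside to the protected range does.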