Snort mailing list archives

false positives triggered by i2hub


From: Matt Richard <matt.richard () fandm edu>
Date: Thu, 20 Jan 2005 11:48:19 -0500

The p2p application i2hub (http://www.i2hub.com/) seems to trigger false positives for several FTP rules. I found events for SIDs 1377, 1378, 1748, 1777, 1778, 1992, 2417.

It's not clear to me if it always runs on port 21, or if it just happened to find 21 in this case.

Since our students returned this week, I had about a half-million events due to this.

-Matt


--
Matt Richard
Access and Security Coordinator
Computing Services
Franklin & Marshall College
matt.richard () fandm edu
(717) 291-4157

