Snort mailing list archives
Proxy Servers generating false positives
From: "Chan, Wilson" <wchan () honolulu gov>
Date: Fri, 30 Oct 2009 10:47:30 -1000
It seems that Snort is generating a lot of false positives for the web traffic heading to our internal proxy servers. Instead of creating thresholds/disabling sigs per alert does it make more sense to just use a BPF to filter out port 8080 to our proxy servers? Is this standard practice or will I lose too much on the detection realm? What am I giving up? Thanks! Wilson
------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Proxy Servers generating false positives Chan, Wilson (Oct 30)
- Re: Proxy Servers generating false positives Jefferson, Shawn (Oct 30)
- Re: Proxy Servers generating false positives Jason Haar (Oct 30)
- Re: Proxy Servers generating false positives Brandon Harms (Oct 31)
- Re: Proxy Servers generating false positives Nigel Houghton (Oct 31)
- Re: Proxy Servers generating false positives Brandon Harms (Nov 02)
- Re: Proxy Servers generating false positives Jason Haar (Oct 30)
- Re: Proxy Servers generating false positives Jefferson, Shawn (Oct 30)
- <Possible follow-ups>
- Re: Proxy Servers generating false positives Chan, Wilson (Oct 30)
- Re: Proxy Servers generating false positives Chan, Wilson (Oct 30)
- Re: Proxy Servers generating false positives Jason Haar (Oct 30)