Snort mailing list archives
Re: problems with PP
From: "Michael Steele" <michaels () winsnort com>
Date: Fri, 14 Sep 2012 09:47:35 -0400
Anything rule affiliated that is changed, PP has to be re-run in order to update.

The process: Stop Snort, Run PP, Start Snort

Michael...

From: Pratik Narang [mailto:pratik.cse.bits () gmail com]
Sent: Friday, September 14, 2012 9:30 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] problems with PP

I enabled the 'security' policy via PP and have been getting these kinds of alerts by the dozen:

09/14-18:55:28.774651 [**] [1:16282:3] PUA-P2P Bittorrent uTP peer request [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 172.16.39.102:23943 -> 172.16.100.107:60294
09/14-18:55:28.774654 [**] [1:16282:3] PUA-P2P Bittorrent uTP peer request [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 172.16.39.102:23943 -> 172.16.100.107:60294
09/14-18:55:28.774656 [**] [1:16282:3] PUA-P2P Bittorrent uTP peer request [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 172.16.39.102:23943 -> 172.16.100.107:60294
09/14-18:55:28.774692 [**] [1:16282:3] PUA-P2P Bittorrent uTP peer request [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 172.16.39.102:23943 -> 172.16.100.107:60294

I put that sig id into my disablesid.conf, but I continue to get the alerts. What could be wrong here? What is the correct way of putting the sids - 16282, 1:16282, or 1:16282:3?

I also tried putting the category 'VRT-p2p' in disablesid.conf, but to no avail :(
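A check for the situation in this thread, added here as an example and not part of the original messages or of PulledPork: it lists every gid:sid that is alerting while its rule is still active in the generated rules file. It assumes a disabled rule appears in that file commented out with a leading '#'; the alert lines are taken from the post, and the rule text is a constructed placeholder, not the real VRT rule.

```python
import re
from collections import Counter

# Fast-alert lines carry the rule identity as "[**] [gid:sid:rev]".
ALERT_ID = re.compile(r"\[\*\*\]\s+\[(\d+):(\d+):(\d+)\]")
RULE_SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
RULE_GID = re.compile(r"\bgid\s*:\s*(\d+)\s*;")
RULE_START = re.compile(r"(alert|drop|log|pass|reject|sdrop)\s")

def alerting_ids(alert_lines):
    """Count alerts per (gid, sid); the revision is ignored."""
    counts = Counter()
    for line in alert_lines:
        m = ALERT_ID.search(line)
        if m:
            counts[(int(m.group(1)), int(m.group(2)))] += 1
    return counts

def rule_states(rules_text):
    """Map (gid, sid) to 'enabled' or 'disabled' (commented out)."""
    states = {}
    for line in rules_text.splitlines():
        body = line.lstrip()
        disabled = body.startswith("#")
        body = body.lstrip("# ")
        sid = RULE_SID.search(body)
        if not RULE_START.match(body) or not sid:
            continue  # plain comment or blank line, not a rule
        gid = RULE_GID.search(body)
        key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))  # no gid option means gid 1
        states[key] = "disabled" if disabled else "enabled"
    return states

def still_enabled(alert_lines, rules_text):
    """gid:sid pairs that alert and whose rule is not commented out."""
    states = rule_states(rules_text)
    return sorted(k for k in alerting_ids(alert_lines) if states.get(k) == "enabled")

# Two of the alert lines quoted in the post.
SAMPLE_ALERTS = [
    "09/14-18:55:28.774651 [**] [1:16282:3] PUA-P2P Bittorrent uTP peer request [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 172.16.39.102:23943 -> 172.16.100.107:60294",
    "09/14-18:55:28.774654 [**] [1:16282:3] PUA-P2P Bittorrent uTP peer request [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {UDP} 172.16.39.102:23943 -> 172.16.100.107:60294",
]
# Constructed rule text standing in for the generated rules file.
RULES_BEFORE = 'alert udp any any -> any any (msg:"PUA-P2P Bittorrent uTP peer request"; sid:16282; rev:3;)\n'
RULES_AFTER = "# " + RULES_BEFORE

if __name__ == "__main__":
    print("before PP run:", still_enabled(SAMPLE_ALERTS, RULES_BEFORE))
    print("after PP run: ", still_enabled(SAMPLE_ALERTS, RULES_AFTER))
```

An empty result while alerts keep arriving points at a Snort process still running the old rule set, which is the case the stop, run PP, start sequence in the reply addresses.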