[Snort-users] Scan Proxy

Brian Caswell bmc at ...312...
Tue Apr 24 02:45:21 EDT 2001


Togan Muftuoglu wrote:
> I have been getting lots of SCAN Proxy Attempts lately to 
> ports 1080 8080 and 3128. I do not have these services on
> my firewall anyway. However, I was not getting anything 
> like this before when I was using 1.7 that came with suse

Did that have portscans set up correctly?  You might want to check the
portscan settings, it might be too tightly wound for your uses.

> First of all are these false positives and secondly where 
> can I get more information about classification.config 
> documentation

In classification.config, of course.  I'm writing a README.priority,
but for now the documentation in classification.config should be
enough to start.

> And finally to my understanding snort 1.8 is not compatible 
> with aris extractor since extractor does not upload these 
> new messages or am I doing it wrong.

Correct.  SF has been notified of the change, but they are massively
busy over there.  Too many exploits, too many vulnerabilities, too
little time.  I've been told 'soon'.  Give em a bit of time.  1.8
hasn't been released yet, so they have a short bit of time :)

-- 
Brian Caswell
The MITRE Corporation
