[Snort-users] false alerts

support support at ...4657...
Wed Jan 23 16:21:03 EST 2002


I have am having a problem with snort ...
I apologize in advance for the nature of the question , however...
When running Snort 1.8.3 in daemon mode with no output modules I am
receiving false alerts from my internal network. Below is an excerpt from my
logs

"
Jan 24 10:23:46 proxy snort[12568]: [1:618:1] INFO - Possible Squid Scan
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
192.168.0.10:1387 -> 192.168.0.8:3128
Jan 24 10:23:49 proxy snort[12568]: [1:618:1] INFO - Possible Squid Scan
[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
192.168.0.10:1388 -> 192.168.0.8:3128
"
The snort.conf file is from version 1.8.1 and defines the internal network
both in HOME_NET and within the preprocessor portscan-ignorehosts
Any suggestions would be greatly appreciated.

David








More information about the Snort-users mailing list