[Snort-users] DOS MSDTC attempt false positive
Roberto Suarez Soto
robe at ...3881...
Thu May 9 01:26:03 EDT 2002
On May/09, Kenny D wrote:
> I was thinking of writing a pass rule to ignore
> alerts where source port is 80 and destination port
I've simply added a pass rule for connections from 80 on a external
host to 3372 on some of the local hosts (i.e., the web proxy). It works, and I
don't think I'm being much more vulnerable by ignoring these connections.
Besides, the 3372 is closed on the firewall by default, so that's another
reason to be sure about that :-)
Roberto Suarez Soto Alfa21 Outsourcing
robe at ...3881... http://www.alfa21.com
More information about the Snort-users