[Snort-users] how to get snort to ignore kazaa

peter moody peter at ...9047...
Mon Apr 28 10:23:09 EDT 2003


the short story is this:  I'd like to find a way to get snort to ignore
kazaa traffic.

The long story is this:  I work for a university and we've got two boxes
running snort looking for "bad traffic".  We also subscribe to one of
those online event correlation services which send out daily notices of
the worst offenders and what not.  The problem is that, every day, our
users are being flagged as the worst offenders and so far, 100% of the
time, the offense has had to do with port scanning related to p2p apps
(kazaa being the most found).

So, short of turning off the portscan2 preprocessor, is there anyway to
get snort to ignore this traffic?  I've got other tools which monitor
bandwidth usage on a per-user basis, so I'm not really worried about
this p2p traffic.  

So, does anyone have any advice?



Peter Moody                             <peter at ...9047...>
InfoSec Administrator                   831/459.5409
Communications and Technology Services. http://mustard.ucsc.edu/pubkey
UC, Santa Cruz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030428/593df5b8/attachment.sig>

More information about the Snort-users mailing list