[Snort-users] how to get snort to ignore kazaa
peter at ...9047...
Mon Apr 28 10:23:09 EDT 2003
the short story is this: I'd like to find a way to get snort to ignore
The long story is this: I work for a university and we've got two boxes
running snort looking for "bad traffic". We also subscribe to one of
those online event correlation services which send out daily notices of
the worst offenders and what not. The problem is that, every day, our
users are being flagged as the worst offenders and so far, 100% of the
time, the offense has had to do with port scanning related to p2p apps
(kazaa being the most found).
So, short of turning off the portscan2 preprocessor, is there anyway to
get snort to ignore this traffic? I've got other tools which monitor
bandwidth usage on a per-user basis, so I'm not really worried about
this p2p traffic.
So, does anyone have any advice?
Peter Moody <peter at ...9047...>
InfoSec Administrator 831/459.5409
Communications and Technology Services. http://mustard.ucsc.edu/pubkey
UC, Santa Cruz.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Snort-users