[Snort-users] False positives

Jesús Gálvez jesuxgalvez at ...11031...
Thu Aug 3 07:21:22 EDT 2006

Hi. I have snort running as NIDS in a LAN. I use ACID to see the alerts. I find a lot of falses positives, coverall this:

(portscan) TCP Portsweep          

and show local source IP and destiny IP that aren´t scanning, some even doesn´t exist. I don´t know what rule can be trigger the alarm. Anybody can help me?



LLama Gratis a cualquier PC del Mundo.
Llamadas a fijos y móviles desde 1 céntimo por minuto.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20060803/cd218d33/attachment.html>

More information about the Snort-users mailing list