[Snort-users] False positive

Joel Esler jesler at ...1935...
Wed May 16 09:40:43 EDT 2012

Is there any way you can provide some pcaps to illustrate your FP?

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager

On May 16, 2012, at 7:08 AM, Philip Edwards wrote:

> Hi,
> I have recently installed snort on ubuntu and am just attempting to tune out the noise.
> For some reason the BAD-TRAFFIC (same source and destination) rule is firing on DHCP broadcasts.
> The source is port 67 and the destination is port 68.
> Since the source and destination are different can anyone clue me in?
> Thanks
> Phil Edwards=

More information about the Snort-users mailing list