[Snort-users] Help with Alerts

Pratik Narang pratik.cse.bits at ...11827...
Sat Sep 8 07:21:33 EDT 2012


Hi all,
 Could someone help out why I am not able to identify this alert in any of
the files?

09/08-16:25:26.843914  [**] [1:18608:6] Snort Alert [1:18608:0] [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
172.16.x0.y0:58825 -> 199.47.216.148:80
09/08-16:26:15.505341  [**] [1:18608:6] Snort Alert [1:18608:0] [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
172.16.x0.y0:58790 -> 199.47.216.148:80
09/08-16:26:22.182389  [**] [1:18608:6] Snort Alert [1:18608:0] [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
172.16.x0.y0:58825 -> 199.47.216.148:80
09/08-16:27:12.671644  [**] [1:18608:6] Snort Alert [1:18608:0] [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
172.16.x0.y0:58790 -> 199.47.216.148:80
09/08-16:27:19.259019  [**] [1:18608:6] Snort Alert [1:18608:0] [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
172.16.x0.y0:58825 -> 199.47.216.148:80

The sid corresponds to app-detect.rules (Dropbox activity), but I can't
locate that sid in sid-msg.map. Why so? Am I looking at the wrong place?

Snort version 2.9.3.1

Thanks...
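
A check for the situation described in the message above, as an added example that is not part of the original post or of Snort itself: it extracts the gid:sid pairs from alert text and lists the gid 1 sids that have no entry in a sid-msg.map. It assumes the classic `sid || msg || reference` map layout; the function names, the second alert and the map content are constructed for illustration.

```python
import re

# "[**] [gid:sid:rev]" opens each alert in the output quoted in the post.
ALERT_ID = re.compile(r"\[\*\*\]\s*\[(\d+):(\d+):(\d+)\]")

# Constructed sample: one alert copied from the post, one invented local alert.
SAMPLE_ALERTS = """\
09/08-16:25:26.843914  [**] [1:18608:6] Snort Alert [1:18608:0] [**]
[Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP}
172.16.x0.y0:58825 -> 199.47.216.148:80
09/08-16:25:30.000000  [**] [1:1000001:1] LOCAL example rule [**]
[Classification: Misc activity] [Priority: 3] {TCP}
192.0.2.10:40000 -> 198.51.100.7:80
"""

# Constructed sid-msg.map content in the assumed "sid || msg || reference" layout.
SAMPLE_MAP = """\
# comment lines and blanks are skipped
1000001 || LOCAL example rule || url,example.invalid/doc
"""

def alert_sids(alert_text):
    """Return the set of (gid, sid) pairs found in the alert text."""
    return {(int(g), int(s)) for g, s, _rev in ALERT_ID.findall(alert_text)}

def load_sid_msg_map(map_text):
    """Parse map lines into {sid: msg}, ignoring comments and malformed lines."""
    messages = {}
    for line in map_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split("||")]
        if len(fields) >= 2 and fields[0].isdigit():
            messages[int(fields[0])] = fields[1]
    return messages

def unmapped_sids(alert_text, map_text):
    """List gid 1 (text rule) alerts whose sid has no entry in the map."""
    known = load_sid_msg_map(map_text)
    return sorted(p for p in alert_sids(alert_text)
                  if p[0] == 1 and p[1] not in known)

if __name__ == "__main__":
    for gid, sid in unmapped_sids(SAMPLE_ALERTS, SAMPLE_MAP):
        print(f"no sid-msg.map entry for {gid}:{sid}")
```

To run it against real data, pass the contents of the alert file and of the sid-msg.map that the alerting process actually loads.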