[Snort-users] Strange events happening after installing PulledPork

Michael Steele michaels at ...9077...
Tue Apr 28 00:20:15 EDT 2015


I'm not sure what's going on. I just setup a new PulledPork instance, and
its set to security for the rule set.

 

My previous instance ran a full set of rules for testing and I didn't see
the events below being logged

 

I'm getting hundreds of the events below. I'm only seeing this after setting
up PulledPork 0.7.0

 

04/28-00:11:04.389178  [**] [1:1620:6] Snort Alert [1:1620:6] [**]

04/28-00:11:04.758601  [**] [1:1620:6] Snort Alert [1:1620:6] [**]

04/28-00:11:04.781636  [**] [1:1620:6] Snort Alert [1:1620:6] [**]
[Classification: Detection of a Non-Standard Protocol or Event] [Priority:
2] {UDP} 192.168.0.2:57503 -> 239.255.255.250:1900

04/28-00:11:05.758296  [**] [1:1620:6] Snort Alert [1:1620:6] [**]

04/28-00:11:06.192448  [**] [1:1620:6] Snort Alert [1:1620:6] [**]
[Classification: Detection of a Non-Standard Protocol or Event] [Priority:
2] {UDP} 192.168.0.2:55549 -> 192.168.0.255:32412

 

Any ideas why I'm getting these with PulledPork?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150428/bc1bdbdf/attachment.html>


More information about the Snort-users mailing list