Netgate Discussion Forum

    Snort False Positives

    pfSense Packages
      netmethods

      Snort-Dev 1.18 on 1.2.3-RELEASE has been working great (Thanks James!!!), with the exception of getting false positives when using the SMTP and FTP rules. I've read the forum up and down, but still can't seem to get it to work right. It seems like any service I use heavily will get triggered.

      Does anyone have any advice or tips to limit the false positives while still staying as secure as possible? If it helps any, we're using Exchange and a majority of our email communications are to Exchange servers as well.

      Thanks for any help anyone can give!

      2x Nexcom 1088n8 in HA config
      2.4 GHz Quad Core / 4GB DDR2 / SATAII 160GB / 4x1GB Intel module

        jamesdean

        The threshold.conf tab is what you want and I have not had time to add it.
        You will have to edit the snort rule file called threshold.conf.

        I still have to add it on the next release.

          netmethods

          Ah, I see. Thank you for the quick reply! Any chance you can give me some tips on how to modify it? I tried doing a quick search in the forums, but didn't find anything.

          Thanks again!
          Jason

          2x Nexcom 1088n8 in HA config
          2.4 GHz Quad Core / 4GB DDR2 / SATAII 160GB / 4x1GB Intel module
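
An added example, not part of the original posts and not the pfSense package's own file: a sketch of the kinds of entries Snort 2.x accepts in the threshold.conf mentioned above, for quieting noisy SMTP/FTP signatures without disabling the rules outright. Every sig_id and IP address below is a constructed placeholder; substitute the gen_id/sig_id pairs from your own alerts and the addresses of your own mail and FTP servers.

```conf
# threshold.conf sketch (added example; all sig_id values and IP addresses
# are constructed placeholders, not taken from the thread).
# gen_id 1 is the generator for ordinary text rules; take the real
# gen_id:sig_id pair from the alert that is misfiring.

# 1) Suppress one signature only when the SOURCE is a trusted host
#    (e.g. the internal Exchange server). The rule still fires for
#    every other source.
suppress gen_id 1, sig_id 1000001, track by_src, ip 192.0.2.25

# 2) Suppress one signature only when the DESTINATION is in a trusted
#    network (CIDR notation is accepted).
suppress gen_id 1, sig_id 1000002, track by_dst, ip 192.0.2.0/24

# 3) type limit: log at most 1 alert per source address per 60 seconds.
threshold gen_id 1, sig_id 1000003, type limit, track by_src, count 1, seconds 60

# 4) type threshold: alert on every 10th matching event per destination
#    within a 60-second window.
threshold gen_id 1, sig_id 1000004, type threshold, track by_dst, count 10, seconds 60

# 5) type both: alert once per 60-second window, and only after 5
#    matching events from the same source in that window.
threshold gen_id 1, sig_id 1000005, type both, track by_src, count 5, seconds 60
```

Scoping a suppress entry to a specific host or network (entries 1 and 2) keeps the signature active for all other traffic, which is the narrower choice when only the Exchange-to-Exchange flows are producing false positives.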
