SNORT - sfportscan - sense_level
-
Hello,
I am getting far too many false positives on my WAN interface as I have a very active FW. According to a few sites I have found, you can set sense_level to low for sfportscan. The option does not appear in pfSense. I would love to see a drop down box in the preprocessors screen to set this value. Is there another way to set this in the meantime?
Thank you so much for your work on getting this into pfSense.
Pod.
-
Does this happen when you have the portscan preprocessor enabled?
I posted something on this a few days ago when I was having some issues with the SNORT interface preprocessor with the SMTP normalizer causing false positives and I believe someone else posted they had the same thing going on. I am also getting a lot of false positives when the port scan preprocessor is enabled. It got to a point I had to disable the two. I would really like to run them, but it is too much of an issue having legitimate IPs getting blocked.
-
Hello,
I am getting far too many false positives on my WAN interface as I have a very active FW. According to a few sites I have found, you can set sense_level to low for sfportscan. The option does not appear in pfSense. I would love to see a drop down box in the preprocessors screen to set this value. Is there another way to set this in the meantime?
Thank you so much for your work on getting this into pfSense.
Pod.
Added to the todo list.
James