    Netgate Discussion Forum

    Snort and Sitescout

    IDS/IPS
    • G
      girion last edited by

      I have been running Snort for about a year, lately in blocking mode. I run a quite lenient rule set and am quite happy, as it still catches quite a lot of unwanted packages entering or leaving my network. I am trying to find the reason for some services being slow (some Android apps and YouTube primarily).

      I can see quite a lot of outgoing traffic on "1:72049 sitescout" being blocked. What is it and is this a false positive or not?

      • bmeeks
        bmeeks last edited by

        Are you sure you copied that SID correctly? I can't find it in the Snort rules lookup site. I did a quick Google search for "Sitescout" and found this. The site describes itself as a self-serve advertising platform where apparently buyers "bid" for advertising space or something like that. I did not read all the documentation.

        What rule category is that rule from? Offhand I would think it's not malicious by itself, but if it is an ad server site, it's certainly possible for someone to compromise a server there and then it could become malicious.
