1. Home
  2. pfSense Packages
  3. IDS/IPS
  4. Snort and Sitescout

Snort and Sitescout

  • G

    I have been running Snort for about a year, lately in blocking mode. I run a quite lenient rule set and are quite happy as it still catches quite a lot of unwanted packages entering or leaving my network. I am trying to find the reason for some services being slow (some Android apps and Youtube primarily).

    I can see quite a lot of outgoing traffic on "1:72049 sitescout" being blocked. What is it and is this a false positive or not?

    0
  • bmeeks

    Are you sure you copied that SID correctly? I can't find it in the Snort rules lookup site. I did a quick Google search for "Sitescout" and found this. The site describes itself as a self-serve advertising platform where apparently buyers "bid" for advertising space or something like that. I did not read all the documentation.

    What rule category is that rule from? Offhand I would think it's not malicious by itself, but if it is an ad server site, it's certainly possible for someone to compromise a server there and then it could become malicious.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy