Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    New To Snort, Lots of False Positives

    pfSense Packages
    2
    2
    1148
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      eliteassassin07 last edited by

      I recently configured Snort to start running on my PFSense Box and while I currently do not have it configured to block any traffic I would like to get to that point… I thought it would be best to monitor my network first and get my suppression lists configured prior to enabling blocking.

      I am seeing a lot of alerts for the "http_inspect" specifically out of 3,094 alerts 1,314 of them came from the following SIDs 119:2, 119:4, 119:31, and 119:33. What is the best method (suggested advice) for sorting threw these to figure out what should be suppressed?

      Any advice would be greatly appreciated!

      1 Reply Last reply Reply Quote 0
      • BBcan177
        BBcan177 Moderator last edited by

        Take a look at these threads:

        https://forum.pfsense.org/index.php?topic=64674.0

        https://forum.pfsense.org/index.php?topic=78062.0‎

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense Plus
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy