4. First shot at Snort…

First shot at Snort…

  • A

    I've fired up Snort on pfSense 2.3 and have had it running for a day or so in non-blocking mode. I am seeing a lot of these two alerts as seen in this attachment.

    Both SourceIPs are my WAN IP. The destination for rule 141:1 resolves to my websites IMAP email server. The destination for rule 137:1 resolves to Apple.

    So I'm pretty sure these are false positives, am I wrong? If indeed they are false, then can I safely disable the two rules? Thats how I understand you are supposed to do it, correct?


    0
  • A

    i have that rule in my supress List

    suppress gen_id 137, sig_id 1

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy