Snort false positives?

Networking/Security Forums -> Firewalls // Intrusion Detection - External Security

Author: security_student Posted: Mon Dec 21, 2009 7:50 pm    Post subject: Snort false positives?
    ----
I think I am getting a lot of false positives on Snort, as many of them are just constantly ticking up (sometimes with a source address of my router or desktop machine).

Could anybody kindly explain, or point me in the right direction of finding out, what the following detections / false positives are, please?

MISC Upnp service discover attempt
Source: 192.168.11.1:1900
Destination: 239.255.255.250:1900
(I have a feeling that destination may be something to do with VMware? As it is not a valid address with an nslookup.)

COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
Source: Machines on my network + some external addresses
Destination: Machines on my network + some external addresses

WEB-ATTACKS id command attempt
Source: My desktop machine only
Destination: A google IP

(http_inspect) DOUBLE DECODING ATTACK
Source: My desktop machine only
Destination: A few random websites


Trying to learn as much about IDS as I can at the moment, so any hints or links to useful info would be appreciated. Also wanting to make sure that I am not getting attacked and that this is all just false positives.

Thank you

Author: abrahamj Posted: Tue Sep 21, 2010 3:45 am    Post subject:
    ----
An intrusion detection system is an auxiliary tool that helps you find network anomalies. These events cannot explain the existence of attacks.





All times are GMT + 2 Hours