
Security Forums


Snort false positives?

security_student
Posted: Mon Dec 21, 2009 7:50 pm    Post subject: Snort false positives?

I think I am getting a lot of false positives on Snort, as many of them are just constantly ticking up (sometimes with a source address of my router or desktop machine).

Could anybody kindly explain or point me in the right direction of finding out what the following detections / false positives are, please?

MISC Upnp service discover attempt
Source: 192.168.11.1:1900
Destination: 239.255.255.250:1900
(I have a feeling that destination may be something to do with VMware, as it is not a valid address with an nslookup)

COMMUNITY SIP TCP/IP message flooding directed to SIP proxy
Source: Machines on my network + some external addresses
Destination: Machines on my network + some external addresses

WEB-ATTACKS id command attempt
Source: My desktop machine only
Destination: A google IP

(http_inspect) DOUBLE DECODING ATTACK
Source: My desktop machine only
Destination: A few random websites


I am trying to learn as much about IDS as I can at the moment, so any hints or links to useful info would be appreciated. I also want to make sure that I am not getting attacked and that this is all just false positives.

Thank you
abrahamj
Posted: Tue Sep 21, 2010 3:45 am

An intrusion detection system is an auxiliary tool that helps you find network anomalies. These events cannot explain the existence of attacks.
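
One way to start triaging alerts like those listed in this thread, as an added example that is not part of either post: it groups Snort fast-format alert lines by rule message and by where source and destination sit relative to the LAN. The `HOME_NET` value, the sample lines, the rule ids and every address except the UPnP pair from the question are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the monitored LAN, mirroring Snort's HOME_NET variable.
HOME_NET = ipaddress.ip_network("192.168.11.0/24")

# Constructed sample in Snort's "fast" alert layout. Timestamps, the [1:0:0]
# rule ids and every address except the UPnP pair are placeholders.
SAMPLE_ALERTS = """\
12/21-19:41:02.000001 [**] [1:0:0] MISC Upnp service discover attempt [**] [Priority: 3] {UDP} 192.168.11.1:1900 -> 239.255.255.250:1900
12/21-19:41:32.000001 [**] [1:0:0] MISC Upnp service discover attempt [**] [Priority: 3] {UDP} 192.168.11.1:1900 -> 239.255.255.250:1900
12/21-19:42:10.000001 [**] [1:0:0] COMMUNITY SIP TCP/IP message flooding directed to SIP proxy [**] [Priority: 2] {TCP} 192.168.11.20:51000 -> 192.168.11.30:5060
12/21-19:42:11.000001 [**] [1:0:0] COMMUNITY SIP TCP/IP message flooding directed to SIP proxy [**] [Priority: 2] {TCP} 198.51.100.7:40112 -> 192.168.11.20:5060
12/21-19:43:05.000001 [**] [1:0:0] WEB-ATTACKS id command attempt [**] [Priority: 1] {TCP} 192.168.11.20:51234 -> 203.0.113.10:80
12/21-19:44:00.000001 [**] [1:0:0] (http_inspect) DOUBLE DECODING ATTACK [**] [Priority: 3] {TCP} 192.168.11.20:51240 -> 203.0.113.25:80
12/21-19:44:09.000001 [**] [1:0:0] (http_inspect) DOUBLE DECODING ATTACK [**] [Priority: 3] {TCP} 192.168.11.20:51244 -> 203.0.113.40:80
"""

ALERT_RE = re.compile(
    r"\[\*\*\] \[\d+:\d+:\d+\] (?P<msg>.+?) \[\*\*\].*"
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?"
)

def scope(addr):
    """Place an address relative to the LAN: multicast, internal or external."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:  # a group address, not a single host
        return "multicast"
    return "internal" if ip in HOME_NET else "external"

def summarise(text):
    """Count alerts per (rule message, source scope -> destination scope)."""
    counts = Counter()
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m is None:
            continue  # not a fast-format alert line
        counts[(m["msg"], f"{scope(m['src'])}->{scope(m['dst'])}")] += 1
    return counts

if __name__ == "__main__":
    for (msg, direction), n in summarise(SAMPLE_ALERTS).most_common():
        print(f"{n:3d}  {direction:20s}  {msg}")
```

A count dominated by `internal->multicast` points at local discovery traffic (239.255.255.250 on UDP port 1900 is the SSDP multicast group that UPnP devices use), while `external->internal` rows are the ones to check against packet captures first.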

All times are GMT + 2 Hours