Man, I'll tell you, the sensitive data processor in snort was not designed to be used with web traffic. If you've used it at all, you know it fires all the time when used in conjunction with regular web traffic. If seems to throw alerts for detecting email addresses if it so much as finds the '@' symbol in a packet. Any string of numbers in a packet makes it alert for finding supposed credit card numbers.
Since in my current setup snort is processing all packets sent from my router, I'm going to have to disable sensitive data processing. I guess if I was only monitoring traffic from my internal network, then there would be fewer of these alerts. And then, the alerts I do get would probably at least be worth taking a look at. Right now, though, I'm just getting flooded with false positives.
No comments:
Post a Comment