Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Rules » False Positives on Porn Rules

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

False Positives on Porn Rules


Posted by jdy05 on March 22, 2005 02:41:21

Hello all,

I was wondering if someone could help me understand the porn rules. I receive nothing but false positives on these rules. In the alert I get the external IP address, which is what I'm assuming is the web site containing the porn content, and the ip address of the internal host. If I paste the IP address for the porn site right into a browser, it takes me to some legitimate site like www.pga.com or something. I don't understand. Is there something I can do to fix this?

Thanks in advance.

Posted by babtras on March 23, 2005 12:30:55

I find that some banner ads will trigger porn rules, which makes it a pain to determine if the event is legitimate or not. Perhaps the rule(s) need to be a little more refined.

The upside is that this happens infrequently. Probably a couple times a week on my system.
site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.