BeachBum
Regular Contributor
Well I've fired up Snort on pfSense 2.3 and have had it running for a day or so in non-blocking mode. I am seeing a lot of these two alerts:
Both SourceIPs are my WAN IP. The destination for rule 141:1 resolves to my websites email server. The destination for rule 137:1 resolves to Apple.
So I'm pretty sure these are false positives, am I wrong? If indeed they are false, then can I safely disable the two rules? Thats how I understand you are supposed to do it, correct?
Both SourceIPs are my WAN IP. The destination for rule 141:1 resolves to my websites email server. The destination for rule 137:1 resolves to Apple.
So I'm pretty sure these are false positives, am I wrong? If indeed they are false, then can I safely disable the two rules? Thats how I understand you are supposed to do it, correct?