|
|
Re: False Positive: msg#00117security.ids.snort.sigs
At 04:01 AM 10/14/2004, Koelewijn, Bert wrote: Dear snort sigs team, Hmm, that's quite odd. The rule should avoid hitting that packet with the depth and offset keywords. What snort version are you using? 2.2.0? What rev of 1893 are you using? (although as far as I can tell, even rev 1 has the depth/offset, and rev4 is the latest, it's helpful to know for sure what rule you're using). Please keep the information in the attachment confidential. That will be difficult.. This is a public mailing list. However, for what it's worth, I'll avoid disclosing any of the information in the packet. ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Colin Slevin/TRANSWARE/IE is out of the office.: 00117, Colin . Slevin |
|---|---|
| Next by Date: | Re: Colin Slevin/TRANSWARE/IE is out of the office.: 00117, Matt Kettler |
| Previous by Thread: | False Positivei: 00117, Koelewijn, Bert |
| Next by Thread: | Re: False Positive: 00117, Mark Buchanan |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |