Re: False Positive: msg#00121 (security.ids.snort.sigs)
Matt Kettler wrote:
> At 04:01 AM 10/14/2004, Koelewijn, Bert wrote:
> >Dear snort sigs team,
> >
> >SID:1893 SNMP missing community string attempt
> >
> >This rule has a false positive with the attached packet. The rule triggers
> >on the SNMP request id.
>
> Hmm, that's quite odd. The rule should avoid hitting that packet with the
> depth and offset keywords.

The rule parameters are depth:15 and offset:5 so the content clause is restricted to payload offsets 5-19. The offending match is at offset 17 so well within the rule scope.

Cheers,
nnposter
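The byte-window arithmetic from the reply above, as an added example that is not part of the original post: it applies offset:5 / depth:15 to a constructed SNMPv1 GetRequest whose request-id begins with 04 00, then walks the BER structure to show that the community string itself is not empty. The content pattern 04 00 is an assumption (the thread does not quote the rule); the packet, the request-id value and all function names are constructed for illustration.

```python
# Added example: constructed data, not the packet attached to the thread.
ASSUMED_CONTENT = bytes.fromhex("0400")  # assumption: OCTET STRING tag + zero length
OFFSET, DEPTH = 5, 15                    # from the message: window is offsets 5-19

# Constructed SNMPv1 GetRequest, community "public", request-id 0x04001234.
PACKET = bytes.fromhex(
    "3029"                  # SEQUENCE, length 41
    "020100"                # INTEGER version = 0
    "0406" "7075626c6963"   # OCTET STRING community = "public"
    "a01c"                  # GetRequest PDU
    "0204" "04001234"       # INTEGER request-id (value starts at offset 17)
    "020100" "020100"       # error-status, error-index
    "300e300c06082b060102010101000500"  # varbind list: sysDescr.0, NULL
)

def window_matches(payload, content, offset, depth):
    """Offsets where content lies wholly inside payload[offset:offset+depth]."""
    window = payload[offset:offset + depth]
    hits, i = [], window.find(content)
    while i != -1:
        hits.append(offset + i)
        i = window.find(content, i + 1)
    return hits

def ber_len(buf, pos):
    """Decode a BER length at pos; return (length, position after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def community(payload):
    """Walk SEQUENCE -> version INTEGER -> community OCTET STRING."""
    if payload[0] != 0x30:
        raise ValueError("not a BER SEQUENCE")
    _, pos = ber_len(payload, 1)
    if payload[pos] != 0x02:
        raise ValueError("version INTEGER expected")
    vlen, pos = ber_len(payload, pos + 1)
    pos += vlen
    if payload[pos] != 0x04:
        raise ValueError("community OCTET STRING expected")
    clen, pos = ber_len(payload, pos + 1)
    return payload[pos:pos + clen]

if __name__ == "__main__":
    print("window hits:", window_matches(PACKET, ASSUMED_CONTENT, OFFSET, DEPTH))
    print("community:", community(PACKET))
```

With a six-byte community string the request-id value lands at offset 17, so a fixed byte window cannot tell it apart from an empty community field; only the structural decode can.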