Re: False Positive: msg#00125 security.ids.snort.sigs
At 03:59 PM 10/15/2004, nnposter@xxxxxxxxxxxxxxxxxxxxx wrote:
> The rule parameters are depth:15 and offset:5 so the content clause is

Doh.. you're right.. I was thinking it would be 5-15.

Looks like the original poster is being bit by having a short community string (7 bytes).

Perhaps the depth on this rule should be changed to 10? Anyone more snmp-guruish care to comment on that impact?
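An added illustration of the window arithmetic discussed in this message (not part of the original post and not Snort's own code). It assumes the content search covers payload bytes offset through offset+depth-1, and uses a constructed SNMPv1 GetRequest with a hypothetical 7-byte community string; all function names are made up for the example.

```python
# Which SNMP fields fall inside a content search window?
# Assumption: the window is payload[offset : offset + depth].

def tlv(tag, value):
    """Encode one BER TLV with a short-form length (value < 128 bytes)."""
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def build_snmp_get(community):
    """Constructed SNMPv1 GetRequest for sysDescr.0 (sample input only)."""
    oid = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])            # 1.3.6.1.2.1.1.1.0
    varbind = tlv(0x30, tlv(0x06, oid) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, b"\x01") + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community) + pdu)

def field_map(payload):
    """Return (name, start, end) byte ranges of the top-level fields."""
    fields = [("message header", 0, 2)]
    pos = 2
    for name in ("version", "community", "pdu"):
        end = pos + 2 + payload[pos + 1]                 # tag + length + value
        fields.append((name, pos, end))
        pos = end
    return fields

def fields_in_window(payload, offset, depth):
    """Names of the fields overlapping payload[offset:offset+depth]."""
    lo, hi = offset, min(offset + depth, len(payload))
    return [n for n, s, e in field_map(payload) if s < hi and e > lo]

def bytes_past_community(payload, offset, depth):
    """Number of PDU bytes that the window exposes to the content match."""
    pdu_start = {n: s for n, s, e in field_map(payload)}["pdu"]
    return max(0, min(offset + depth, len(payload)) - pdu_start)

if __name__ == "__main__":
    for community in (b"monitor", b"longcommunity"):     # 7 and 13 bytes
        pkt = build_snmp_get(community)
        for depth in (15, 10):
            print(community, "offset 5 depth", depth,
                  fields_in_window(pkt, 5, depth),
                  "PDU bytes in window:", bytes_past_community(pkt, 5, depth))
```

With the 7-byte community the depth:15 window runs six bytes into the PDU, and depth:10 still reaches the PDU tag byte; with a 13-byte community the same depth:15 window ends exactly where the community string does.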