Re: reporting false positives...

Thanks Matt & Janson for responses:  This has confirmed what I had
thought. Methods of reporting by order of usefulness:

1/ tcpdump of whole session
2/ tcpdump of single packet
3/ Ascii/hex dump of packet from Acid/or whatever.

Is there much difference between 2 and 3? Given that 3 is much easier to
obtain.

When should I resort to getting full dumps of the streams?

I have reported FPs on many occasions before (although not lately) and
never had any feed back.  I appreciate that folk are busy doing
productive stuff but I have been left wondering if it is worth my time
and if I am sending in the "right stuff".

I'd be happy if I got an occasional "Thanks, this is useful" or "Thanks,
but what I really need....".


Cheers, Russell

-- 
Russell Fulton, Information Security Officer, The University of Auckland
New Zealand



-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl