False Positive with SID 2329 "MS-SQL probe respons: msg#00187 security.ids.snort.sigs

Hi Folks,

SID 2329 "MS-SQL probe response overflow attempt" generates false
positives when used in a network where OpenVPN is running. Maybe it's
useful to add a port of 1434 to the rule?

Cheers,

Joerg

--
Joerg Weber M. A.
Network Security

infoServe GmbH
Nell-Breuning-Allee 6
D-66115 Saarbruecken

T: (0681) 8 80 08 - 59
F: (0681) 8 80 08 - 33
www.infos.de
E: j.weber@xxxxxxxx

-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click

<Prev in Thread]	Current Thread	[Next in Thread>

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Bleedingsnort.com Daily Update: 00187, matt
Next by Date:	ARP "Who has (one address)" > "Tell (many different, random IP's)": 00187, Les Yaw
Previous by Thread:	Identical rulesi: 00187, Esler, Joel - Contractor
Next by Thread:	ARP "Who has (one address)" > "Tell (many different, random IP's)": 00187, Les Yaw
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Bleedingsnort.com Daily Update: 00187, matt

Next by Date:

ARP "Who has (one address)" > "Tell (many different, random IP's)": 00187, Les Yaw

Previous by Thread:

Identical rulesi: 00187, Esler, Joel - Contractor

Next by Thread:

ARP "Who has (one address)" > "Tell (many different, random IP's)": 00187, Les Yaw

Indexes:

[Date] [Thread] [Top] [All Lists]

False Positive with SID 2329 "MS-SQL probe response overflow attempt": msg#00187

security.ids.snort.sigs