|
|
Additional False Positives for rule 1:498: msg#00199security.ids.snort.sigs
I've only included the effected portion of the template: Rule: alert ip any any -> any any (msg:"ATTACK-RESPONSES id check returned root"; content:"uid=0|28|root|29|"; classtype:bad-unknown; sid:498; rev:6;) -- Sid: 1:498 -- False Positives: Additional false positives - receiving any text document (via http, smtp and probably other clear-text protocols as well) which contains phrases "uid=0" or "uid=root", such as when viewing/reading exploit details from Full Disclosure, PacketStorm, other security sites, etc. R, Coral
|
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Possible False Positive: 00199, Brian Noel |
|---|---|
| Next by Date: | SID 2570: 00199, James Affeld |
| Previous by Thread: | Possible False Positivei: 00199, Brian Noel |
| Next by Thread: | Re: Additional False Positives for rule 1:498: 00199, Nigel Houghton |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |
