[Snort-devel] Alerts but no logs for some rules

Russell Fulton r.fulton at ...1343...
Sun Aug 18 15:06:03 EDT 2002


Hi,
 I am running snort 1.9.0beta2 (Build 184) and I am getting lots of what
I believe are false +ves on a couple of new rules:

EXPERIMENTAL WEB-CLIENT javascript URL host spoofing attempt and 
EXPERIMENTAL SSH server banner overflow

but when I check the logged packet I can not find one to check.

For some reason snort is not logging packets for these alerts.

Please reply to me direct if you want more details as I am not on the
developers list.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin





More information about the Snort-devel mailing list