[Snort-devel] tcpdump for false alert on sid:1845
bmc at ...835...
Thu Oct 31 08:53:08 EST 2002
On Thu, Oct 31, 2002 at 04:49:20PM +1300, Russell Fulton wrote:
> Hi All,
> I am running the production release of 1.9.0 and all seems to be well
> except that I am getting a lot of false hits on rules 1845 and 1844.
> This did not happen on the beta 6 release that I was running before.
> I have managed to get a tcpdump file with a single IMAP session that
> illustrates the problem (attached).
I tried your pcap and was unable to get snort to false alarm.
I tried it against 1.9.0, stable, or current. Can you send your