[Snort-devel] Getting lots of hits on sid:1841
cmg at ...402...
Wed Sep 4 10:35:04 EDT 2002
Russell Fulton <r.fulton at ...1343...> writes:
> I am running 1.9beta6 with current rule sets and I am seeing lots
> (up to dozens per hour from several different servers) of hits on this
> alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"EXPERIMENTAL
> classtype:attempted-user; reference:bugtraq,5293; sid:1841; rev:1;)
> I strongly suspect that these are false +ves but I can not verify this
> since snort never logs the packet? I have had this problem with other
> versions of snort where some rules never log packets but I never got an
What's your command line / log output system?
[ follow up to snort-devel ]
Chris Green <cmg at ...402...>
Warning: time of day goes back, taking countermeasures.