[Snort-sigs] false hit crc32 for ssh
bmc at ...95...
Mon Nov 19 04:43:03 EST 2001
According to Douglas Elznic:
> I have experienced the same thing. and both server and client were v2
> latest patches...
Yeah, the filler sig is kinda cruddy. You can increase the ammount of
filler, but you will still see a few of them ever so often.
Its probably safe to increase the filler (as I have done to rev 2 of
this sig) or even to axe this rule.
Save the whales. Collect the whole set.
More information about the Snort-sigs