[Snort-sigs] false hit crc32 for ssh

Brian bmc at ...95...
Mon Nov 19 04:43:03 EST 2001


According to Douglas Elznic:
> I have experienced the same thing. and both server and client were v2
> latest patches...

Yeah, the filler sig is kinda cruddy.  You can increase the ammount of
filler, but you will still see a few of them ever so often. 

Its probably safe to increase the filler (as I have done to rev 2 of
this sig) or even to axe this rule.

-brian

-- 
Save the whales.  Collect the whole set.





More information about the Snort-sigs mailing list