[Snort-sigs] [1:1325:1] EXPLOIT ssh CRC32 overflow filler

Michael T. Babcock mbabcock at ...93...
Sat Nov 24 09:04:01 EST 2001

I'm using Snort 1.8.2 and the rule "[1:1325:1] EXPLOIT ssh CRC32 
overflow filler" is picking up legitimate traffic from openssh 3.0.1.

Just an FYI -- I'm not familiar enough with the data in question to 
pick out one from the other.
Michael T. Babcock
CTO, FibreSpeed Ltd.

More information about the Snort-sigs mailing list