[Snort-sigs] truncated msg string
Ian Macdonald
secsnortsigs at ...644...
Fri Aug 9 07:50:02 EDT 2002
With 1.8
the signature
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP \"CWD /\" possible
warez site"; flags:A+; content:"CWD / "; nocase; depth: 6;
classtype:misc-activity; sid:545; rev:3;)
Was logged in the signature database as just "FTP" rather than FTP \CWD
Not sure exactly what is wrong with the sig but thought I would mention it.
Ian
More information about the Snort-sigs
mailing list