[Snort-sigs] Missing sig...

a.h.s. boy spud at ...271...
Sun Jan 20 08:49:02 EST 2002


I just noticed that neither your "Finished" nor "Unfinished" rule 
explanations includes the "EXPLOIT ssh CRC32 overflow filler" rule. I 
can't, unfortunately, provide too much information on it (except that it 
generates a false positive every time I ssh to my server), but I thought 
you might want to make sure it was properly listed.

BTW, great idea to create this reference...I can't tell you how often 
I've needed it (especially with ArachNIDS down all the time).

Cheers,
spud.

-------------------------------------------------------------------
a.h.s. boy
spud at ...271...               "as yes is to if,love is to yes"
http://www.nothingness.org/
PGP Fingerprint: 7B5B 2E7A FA96 865A D9D9  5D6D 54CD D2C1 3429 56B4
-------------------------------------------------------------------





More information about the Snort-sigs mailing list