[Snort-sigs] WEB-ATTACKS mail command attempt false positives
Sheahan, Paul (PCLN-NW)
Paul.Sheahan at ...421...
Thu Mar 7 19:32:24 EST 2002
I just upgraded to Snort 1.9dev on RHLinux 7.0 and noticed the signature
"WEB-ATTACKS mail command attempt" is generating false positives
occasionally. I checked the rule which looks for "/bin/mail" but none of the
traces have "/bin/mail" in them. It happened about 5 times in one day from 5
Manager of Information Security
paul.sheahan at ...421...
More information about the Snort-sigs