[Snort-sigs] mods to curb false positive on x11 rules?
scheidell at ...249...
Thu May 30 14:54:03 EDT 2002
> > --
> Ah! Firstly I had not realised Arachnids was back on the air, Great!
> Secondly I too have been having regular problems with false +ves on X11
> rules of the nature of those described by Michael. I too had wondered
> about explicitly checking for SYN+ACKs, but another approach that
> occurred to me was to use the new direction attribute (if I understand
> it correctly) to eliminate false +ve on *source* ports of 600x.
assuming you are running 1.9x code ;-)
I am not.
SECNAP Network Security, LLC
(561) 368-9561 scheidell at ...249...