[Snort-sigs] MS-SQL Ping false positives
dwilburn at ...8...
Thu Aug 28 03:11:04 EDT 2003
The MS-SQL Ping rule (SID 2049) seems to generate nothing but false
positives. I don't know why, but I have seen it false alarm on traffic
sent by hosts that I believe are SQL Servers that is sent to
255.255.255.255. I don't know what this traffic is actually for,
however. The payload is always one byte, 0x02.
Can anyone else confirm this as a false alarm? Even better, can they
tell me what this traffic is?
More information about the Snort-sigs