[Snort-sigs] ATTACK RESPONSES id check returned root (sid:498)

Jason Haar Jason.Haar at ...651...
Thu Jan 23 12:41:04 EST 2003


Hmm, I don't know how useful this rule is. All of these mails set off alerts
on my system :-)

Couldn't a depth: option be used to limit these falsies? I mean, don't hacks
that return this string be doing it pretty early in the piece?

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1




More information about the Snort-sigs mailing list