[Snort-sigs] ATTACK RESPONSES id check returned root (sid:498)

Brian bmc at ...95...
Thu Jan 23 19:46:02 EST 2003


On Fri, Jan 24, 2003 at 09:40:39AM +1300, Jason Haar wrote:
> 
> Hmm, I don't know how useful this rule is. All of these mails set off alerts
> on my system :-)
> 
> Couldn't a depth: option be used to limit these falsies? I mean, don't hacks
> that return this string be doing it pretty early in the piece?

Nope.  Not all of them.

-brian




More information about the Snort-sigs mailing list