[Snort-sigs] proposed change to rule
Kreimendahl, Chad J
Chad.Kreimendahl at ...361...
Mon Jan 27 13:39:02 EST 2003
Ok, global use: AgentX appears to send more than 1 packet in its request. So 1 instance of use of this tool could potentially generate several alerts.
From: Chris Green [mailto:cmg at ...435...]
Sent: Monday, January 27, 2003 3:35 PM
To: Kreimendahl, Chad J
Cc: snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] proposed change to rule
"Kreimendahl, Chad J" <Chad.Kreimendahl at ...361...> writes:
> A daemon that is used for something completely unrelated....
I'm trying to understand environment specific versus the global use
> It's very possible for there to be a large amount of data coming back
> with the real AgentX... definitely more than one packet every use.
Yes I know. The initial SYN isn't good enough by itself because
you'll want to know what credentials they are trying or at least
that's what I would like.
Anyone else have comments?
Chris Green <cmg at ...435...>
Laugh and the world laughs with you, snore and you sleep alone.