[Snort-sigs] proposed change to rule
Chris Green
cmg at ...435...
Mon Jan 27 13:43:08 EST 2003
"Kreimendahl, Chad J" <Chad.Kreimendahl at ...361...> writes:
> Ók, global use: AgentX appears to send more than 1 packet in its
> request. So 1 instance of use of this tool could potentially
> generate several alerts.
I understand that. I also understand that it's not the first packet
that's important. If you have AgentX in your environment, can you
create a rule that looks for the username portion of authentication
rather than all the packets.
--
Chris Green <cmg at ...435...>
"Yeah, but you're taking the universe out of context."
More information about the Snort-sigs
mailing list