[Snort-sigs] SID 663, SMTP rcpt to sed command attempt

Nigel Houghton nigel.houghton at ...435...
Mon Jul 14 08:20:52 EDT 2003


Could you both please elucidate on what the false positive condition is
exactly?

On Sun, 13 Jul 2003 23:15:15 +0200 (CEST)
Hugo van der Kooij <hvdkooij at ...481...> said something like:

: On Sun, 13 Jul 2003, Nathan Bain wrote:
: 
: > The documentation for SID 663, SMTP rcpt to sed command attempt,
says
: > there are no known false positives.  However, Snort has given me
several
: > apparent false positives.
: 
: I can confirm these findings. While they happen once a week it seems
the 
: message is a false positive.
: 
: Hugo.
: 
: -- 
:  All email sent to me is bound to the rules described on my homepage.
:     hvdkooij at ...481...		http://hvdkooij.xs4all.nl/
: 	    Don't meddle in the affairs of sysadmins,
: 	    for they are subtle and quick to anger.
: 
: 
: 
: -------------------------------------------------------
: This SF.Net email sponsored by: Parasoft
: Error proof Web apps, automate testing & more.
: Download & eval WebKing and get a free book.
: www.parasoft.com/bulletproofapps1
: _______________________________________________
: Snort-sigs mailing list
: Snort-sigs at lists.sourceforge.net
: https://lists.sourceforge.net/lists/listinfo/snort-sigs


-------------------------------------------------------------
Nigel Houghton       Security Engineer        Sourcefire Inc.

"I have read of a place where humans do battle in a ring of Jell-O."




More information about the Snort-sigs mailing list