[Snort-sigs] FP in Rule 2515 ?

Federico Petronio petrus at ...2312...
Thu Aug 5 14:07:03 EDT 2004


Hello, I recently noticed some alerts on rule "2515: WEB-MISC PCT 
Client_Hello overflow attempt", but that rule is not in the Snort 
on-line database.

I would like to know if that rule could easily generate FP alerts or if 
it is a very accurate rule? Since it scans SSL traffic, I can't tell if 
the traffic was actually an attack or just normal traffic.

I am running the 2.1 rules snapshot with rev 9 of 2515.

-- 
                                         Federico Petronio
                                         petrus at ...2312...



