[Snort-sigs] False positive in sid:1448

Federico Petronio petrus at ...2312...
Wed Aug 11 07:52:10 EDT 2004


Hello,

I would like to ask about sid 1448, I read in snort database that:

"This event is generated when a malicious packet is sent to the 
Microsoft Terminal Server port."

The "malicious" part is this 100% accurate? could normal terminal server 
traffic trigger that rule?

I am running sid:1448 rev.10 and snort-2.1.3

Thanks a lot.
-- 
                                         Federico Petronio
                                         petrus at ...2312...




More information about the Snort-sigs mailing list