[Snort-sigs] Possible False Positive on SID 2383

Lance Boon lboon at ...2573...
Thu Aug 19 07:53:24 EDT 2004


I've just upgrade to Snort 2.2.0 from 2.1.3, using the rules that came
with the 2.2.0 tarball, I notice what appears to be false positives on
SID 2383. From as far as I can tell it's normal traffic from either
Windows 2000 pro workstations, Windows XP pro workstations communicating
to a Windows 2003 domain controller. I have a capture of the traffic
available for analysis.
Lance
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3739 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20040819/562b5bb9/attachment.bin>


More information about the Snort-sigs mailing list