[Snort-sigs] Possible false positives for rule 1:1983, 1:1980 and 1:1981

George Laiacona glaiacona at ...2749...
Fri Aug 27 05:40:11 EDT 2004


Rule:  
alert udp $EXTERNAL_NET any -> $HOME_NET 4120 (msg:"BACKDOOR DeepThroat 3.1 Connection attempt [4120]"; content:"00"; depth:2; reference:nessus,10053; reference:mcafee,98574; classtype:misc-activity; sid:1983; rev:2;)
--
Sid:
1:1983
--
Summary:

--
Impact:

--
Detailed Information:

--
Affected Systems:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:
Appears as though Novell NDPS traffic from network printers simulates
this rule.

--
False Negatives:

--
Corrective Action:

--
Contributors:

-- 
Additional References:

Also rule 1:1980 and 1:1981

George A. Laiacona III
Systems Manager
Aiken County Government
803 642 1594
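
Added example, not part of the original post and not Snort's own code: a small Python model of how rule 1:1983 as quoted above matches, showing that any UDP datagram to port 4120 whose first two payload bytes are ASCII "00" alerts, and what excluding known printer addresses changes. The addresses, payloads, function names and the assumption that $EXTERNAL_NET is "any" are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

# Rule text from the post (sid 1983), joined onto one line.
RULE = ('alert udp $EXTERNAL_NET any -> $HOME_NET 4120 '
        '(msg:"BACKDOOR DeepThroat 3.1 Connection attempt [4120]"; '
        'content:"00"; depth:2; reference:nessus,10053; '
        'reference:mcafee,98574; classtype:misc-activity; sid:1983; rev:2;)')

def parse_rule(rule):
    """Pull out the fields this rule uses (plain-text content only, no |hex|)."""
    header, options = rule.split("(", 1)
    _action, proto, _src, _sport, _arrow, _dst, dport = header.split()
    opts = dict(re.findall(r'(\w+):\s*"?([^";]*)"?;', options))
    return {"proto": proto, "dport": int(dport), "sid": int(opts["sid"]),
            "content": opts["content"].encode(), "depth": int(opts["depth"])}

def fires(rule, pkt, home_net, suppressed_src=()):
    """pkt = (src, dst, proto, dport, payload). Assumes $EXTERNAL_NET is 'any'."""
    src, dst, proto, dport, payload = pkt
    if proto != rule["proto"] or dport != rule["dport"]:
        return False
    if ip_address(dst) not in home_net:
        return False
    # Models a per-source suppression for known printers (hypothetical list).
    if any(ip_address(src) in net for net in suppressed_src):
        return False
    # depth:2 restricts the content search to the first two payload bytes.
    return rule["content"] in payload[:rule["depth"]]

# Constructed sample traffic (not captured NDPS or DeepThroat packets).
HOME_NET = ip_network("192.0.2.0/24")
PRINTERS = [ip_network("192.0.2.48/28")]
PACKETS = [
    ("192.0.2.50", "192.0.2.10", "udp", 4120, b"00 printer status"),  # ASCII "00"
    ("198.51.100.7", "192.0.2.10", "udp", 4120, b"00"),               # ASCII "00"
    ("198.51.100.7", "192.0.2.10", "udp", 4120, b"\x00\x00data"),     # NUL bytes
    ("198.51.100.7", "192.0.2.10", "udp", 4120, b"x00"),              # past depth
    ("198.51.100.7", "192.0.2.10", "udp", 4121, b"00"),               # other port
]

def alerting(packets, suppressed_src=()):
    """Return the indexes of the packets that would raise sid 1983."""
    rule = parse_rule(RULE)
    return [i for i, p in enumerate(packets)
            if fires(rule, p, HOME_NET, suppressed_src)]

if __name__ == "__main__":
    print("untuned:", alerting(PACKETS))
    print("printers suppressed:", alerting(PACKETS, PRINTERS))
```

The only payload condition is two ASCII "0" characters at the start of the datagram, so the rule cannot distinguish a printer's traffic from anything else that sends those bytes to port 4120.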



