[Snort-sigs] secure connection to bleedingsnort.com
j.riden at ...1766...
Tue Aug 31 19:13:30 EDT 2004
Frank Knobbe <frank at ...1978...> writes:
> On Tue, 2004-08-31 at 11:10, Esler, Joel - Contractor wrote:
>> That is a good idea, I always set off around 7 rules everytime I go.
> That's an added benefit: It lets you quickly spot weak signatures prone
> to false positives. :)
Well, if you were matching "foo " you could match "foo|20|" instead,
which wouldn't trigger on itself. (Paging Mr. Hofstadter, paging
Mr. Hofstadter :)
Bit of a kludge though.
James Riden / j.riden at ...1766... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/
More information about the Snort-sigs