[Snort-sigs] secure connection to bleedingsnort.com

James Riden j.riden at ...1766...
Tue Aug 31 19:13:30 EDT 2004


Frank Knobbe <frank at ...1978...> writes:

> On Tue, 2004-08-31 at 11:10, Esler, Joel - Contractor wrote:
>> That is a good idea, I always set off around 7 rules everytime I go.
>
> That's an added benefit: It lets you quickly spot weak signatures prone
> to false positives. :)

Well, if you were matching "foo " you could match "foo|20|" instead,
which wouldn't trigger on itself. (Paging Mr. Hofstadter, paging
Mr. Hofstadter :) 

Bit of a kludge though.

-- 
James Riden / j.riden at ...1766... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/





More information about the Snort-sigs mailing list