[Snort-sigs] SID 2182

Serveur-Faucon Surveillance SrvFaucon at ...2223...
Wed Feb 11 09:19:22 EST 2004


Hi snort.
I hope that this can help you. Have a nice day! Alexandre

# 
# $Id$
#
# 

Rule:  na

--
Sid: 2182

--
Summary: False Negative

--
Impact: A lot of false negatives :)

--
Detailed Information: You can get the 2182.cap file attached to this email.
This is actually the Ethereal file of me sniffing network activity.
Filter the destination to 10.1.0.170 and you can see that the window sizes
of my TCP packets are not 55808. But Snort does report it as SID 2182.
The only thing I have been doing is surfing my Sentinix (sentinix.org)
server with HTTPS.

--
Affected Systems: Windows? / Linux / Snort / Sentinix?

--
Attack Scenarios: none

--
Ease of Attack: na

--
False Positives: see details

--
False Negatives: na

--
Corrective Action: na

--
Contributors: Alexandre Racine

-- 
Additional References: see attached file.



---------------------------------------------------
Alexandre Racine
Montréal, Québec, Canada

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2182.cap
Type: application/octet-stream
Size: 760215 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20040211/8a53a21b/attachment.obj>
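
Added example, not part of the original message and not Snort project code: one way to run the check the report describes (filter on destination 10.1.0.170, then look at the TCP window of each packet) over a classic libpcap file without Ethereal. It assumes an Ethernet capture; the function names, the client address 10.1.0.5 and the three-packet sample capture are constructed for illustration.

```python
import socket
import struct

WINDOW = 55808  # window value the report associates with SID 2182

def tcp_windows(pcap, dst_ip):
    """Yield the TCP window of each Ethernet/IPv4/TCP packet sent to dst_ip."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic libpcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (VLAN-tagged frames are skipped too)
        tcp = 14 + (frame[14] & 0x0F) * 4  # start of the TCP header
        if frame[23] != 6 or len(frame) < tcp + 16:
            continue  # not TCP, or truncated before the window field
        if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
            continue  # later IP fragment: carries no TCP header
        if socket.inet_ntoa(frame[30:34]) == dst_ip:
            yield struct.unpack("!H", frame[tcp + 14:tcp + 16])[0]

def summarize(pcap, dst_ip):
    """Return (packets sent to dst_ip, how many of them have window == WINDOW)."""
    wins = list(tcp_windows(pcap, dst_ip))
    return len(wins), sum(w == WINDOW for w in wins)

def _frame(src, dst, window):
    """Constructed SYN frame for the sample capture (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x50, 0x02, window, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed three-packet capture; 10.1.0.5 is a made-up client address."""
    frames = [_frame("10.1.0.5", "10.1.0.170", 64240),
              _frame("10.1.0.5", "10.1.0.170", 55808),
              _frame("10.1.0.170", "10.1.0.5", 55808)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

On a real capture, pass the file's bytes to summarize(); a second count of zero for 10.1.0.170 means no packet to that host carried the window value in question.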

