[Snort-sigs] SID 2182

Serveur-Faucon Surveillance SrvFaucon at ...2223...
Wed Feb 11 09:19:22 EST 2004

Hi snort.
I hope that this can help you. Have a nice day! Alexandre

# $Id$

Rule:  na

Sid: 2182

Summary: False Negative

Impact: A lot of false negatives :)

Detailed Information: You can get the 2182.cap file attached to this email.
This is actually the Ethereal file of me sniffing network activity.
Filter destination to and you can see that the window size
of my TCP packets is not 55808. But Snort does report it as SID 2182.
The only thing I have been doing is surfing my Sentinix (sentinix.org)
server with HTTPS.

Affected Systems: Windows? / Linux / Snort / Sentinix?

Attack Scenarios: none

Ease of Attack: na

False Positives: see details

False Negatives: na

Corrective Action: na

Contributors: Alexandre Racine

Additional References: see attached file.

Alexandre Racine
Montréal, Québec, Canada

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2182.cap
Type: application/octet-stream
Size: 760215 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20040211/8a53a21b/attachment.obj>
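
The check described in the report (filter a capture by destination and read the TCP window of each packet) can be repeated without Ethereal. The following is an added example, not part of the original post: it reads a classic pcap file (Ethernet, IPv4) and lists each packet's TCP window so it can be compared with 55808. The function names and the three-packet sample capture are constructed for illustration and are not taken from 2182.cap.

```python
import socket
import struct

WATCHED_WINDOW = 55808  # the TCP window value the post says its packets do not carry

def tcp_windows(pcap, dst=None):
    """Yield (src, dst, tcp_flags, window) per IPv4/TCP packet in a classic pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4/TCP (VLAN-tagged frames are skipped as well)
        ihl = (frame[14] & 0x0F) * 4
        frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
        tcp = frame[14 + ihl:]
        if frag_offset or len(tcp) < 16:
            continue  # later fragments and truncated packets carry no usable TCP header
        src, d = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        if dst is None or d == dst:
            yield src, d, tcp[13], struct.unpack("!H", tcp[14:16])[0]

def window_matches(pcap, dst=None, window=WATCHED_WINDOW):
    """Packets (optionally to one destination) whose TCP window equals `window`."""
    return [p for p in tcp_windows(pcap, dst) if p[3] == window]

def build_sample():
    """Constructed capture with documentation addresses; not the 2182.cap attachment."""
    def record(src, dst, flags, window):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 0x50, flags, window, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (header + record("192.0.2.10", "198.51.100.5", 0x02, 55808)
            + record("192.0.2.10", "198.51.100.5", 0x18, 64240)
            + record("192.0.2.10", "203.0.113.9", 0x02, 55808))

if __name__ == "__main__":
    for src, dst, flags, win in tcp_windows(build_sample(), dst="198.51.100.5"):
        print(f"{src} -> {dst} flags=0x{flags:02x} window={win}",
              "<-- matches" if win == WATCHED_WINDOW else "")
```

An empty result from `window_matches` for the alerted destination, on a capture that Snort did alert on, is the kind of evidence a false-positive report against this SID needs.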
