[Snort-sigs] Rule 2101 FP's...

Tobias Rice rice at ...2618...
Wed Jul 14 13:12:14 EDT 2004


Greetings,
I'm not sure if this is the correct method for sending a FP, so please
let me know if there are better ways to do this.

Rule 2101 gives false positives when our Windows clients send print jobs
to our Windows print servers. I'm not sure what can be done considering
the content [0], but it is included for your review.
Thanks for your time.
Tobias Rice

[0]
length = 100

000 : 00 00 00 60 FF 53 4D 42 25 00 00 00 00 18 07 C8   ...`.SMB%.......
010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 08 9C 04   ................
020 : 00 08 45 20 10 00 00 00 00 00 00 00 00 00 00 00   ..E ............
030 : 00 E8 03 00 00 00 00 00 00 60 00 00 00 00 00 02   .........`......
040 : 00 53 00 00 00 1D 00 00 5C 00 50 00 49 00 50 00   .S......\.P.I.P.
050 : 45 00 5C 00 73 00 70 00 6F 00 6F 00 6C 00 73 00   E.\.s.p.o.o.l.s.
060 : 73 00 00 00                                       s...



