[Snort-sigs] huge number of false positives for WEB-MISC SSLv3 invalid Client_Hello attempt?

Matt Ostiguy ostiguy at ...2420...
Mon Jul 26 06:24:10 EDT 2004

Am I the only one getting an unholy number of FPs on this rule? I
believe there is some correlation with the keepalives/new mail polls
that I.E 6 will send to an exchange 2000 outlook web access server, as
I am seeing tons of FPs from *my* home network to my OWA 2k server
every 2 minutes, along with tons of similar FPs from what are
obviously OWA users


More information about the Snort-sigs mailing list