[Snort-sigs] False Positive: http://www.snort.org/snort-db/sid.html?sid=1360

Colin Harford colin.harford at ...2129...
Tue Jun 1 08:21:27 EDT 2004

[**] [1:1360:4] WEB-ATTACKS netcat command attempt [**]
[Classification: Web Application Attack] [Priority: 1]
05/23-14:52:46.637564 0:D:66:FE:58:0 -> 0:2:B3:CA:83:81 type:0x800 len:0x24A -> TCP TTL:47 TOS:0x0 ID:18716 IpLen:20
DgmLen:572 DF
***AP*** Seq: 0x5F4AF4B6  Ack: 0xCAA5B396  Win: 0xFFFF  TcpLen: 32
TCP Options (3) => NOP NOP TS: 1985895769 461718

There is a false positive generated with the above command, the affected
sequence is to use the new Entourage 2004 (mac) with exchange support
against an exchange server.

For more info please see:



More information about the Snort-sigs mailing list