[Snort-sigs] False positive for P2P GNUTella client request (1432)

Mike Adams mikea at ...2282...
Fri Jun 25 06:53:01 EDT 2004


Even moreso, any web server connection to any port that is not 80 will 
trigger this alarm..


On Wednesday, June 23, 2004, at 07:05 AM, Randy Bradley wrote:

> # This is a template for submitting snort signature descriptions to
> # the snort.org website
> #
> # Ensure that your descriptions are your own
> # and not the work of others.  References in the rules themselves
> # should be used for linking to other's work.
> #
> # If you are unsure of some part of a rule, use that as a commentary
> # and someone else perhaps will be able to fix it.
> #
> # $Id$
> #
> #
>
> Rule:
>
> --
> Sid:
> 1432
> --
> Summary:
>
> --
> Impact:
>
> --
> Detailed Information:
>
> --
> Affected Systems:
>
> --
> Attack Scenarios:
>
> --
> Ease of Attack:
>
> --
> False Positives:
> Any HTTP connection to a URL with port 8080 will trigger this alert.
> --
> False Negatives:
>
> --
> Corrective Action:
>
> --
> Contributors:
>
> -- 
> Additional References:
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by Black Hat Briefings & Training.
> Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital 
> self defense, top technical experts, no vendor pitches, unmatched 
> networking opportunities. Visit www.blackhat.com
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
>





More information about the Snort-sigs mailing list