[Snort-sigs] Unknown IIS Worm Sigs
bmc at ...95...
Fri Jun 25 07:41:08 EDT 2004
On Fri, Jun 25, 2004 at 09:35:23AM -0500, Matthew Jonkman wrote:
> >In many configurations, the rules being passed around won't work.
> >work at all.
> We do ave rules out there that will tell you if you have infected pc's
> onthe inside. I personally have 2577 below disabled. It was giving me
> hundreds of false's an hour. I last tried it on the current rev and
> still had issues. I'll give it another shot though and see if I can
> provide some feedback.
Can you send me pcap of these false positives. I don't see em on my
More information about the Snort-sigs