[Snort-sigs] 2515 "WEB-MISC PCT Client_Hello" FPs
sekure at ...2420...
Fri Jun 25 11:43:01 EDT 2004
I am wondering if any more tightening up can be performed on the rev:9
of this rule. I still see a lot of False Positives. It also
accurately alerts on "legitimate" overflow attempts, but the FPs are
I guess i can always suppress it since I am not really running any IIS
boxes, but I like to keep most of the current rules on, even if they
don't apply to me, just to see who is trying what.
More information about the Snort-sigs