[Snort-sigs] Sid:628 update suggestion

Affeld, James JAffeld at ...419...
Fri Mar 12 06:50:21 EST 2004


Rule:  

--
Sid:628

--
Summary:

--
Impact:

--
Detailed Information:

--
Affected Systems:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:A number of web content providers use tools with similar signatures to determine the closest server to a particular client.  They send packets designed to get through stateless packet filters (tcp port 53 and 80, ack flag set) to DNS servers and the client.  Similar purpose to Speedera technique addressed in SID:480.

--
False Negatives:

--
Corrective Action: none required.  

--
Contributors:

-- 
Additional References:




More information about the Snort-sigs mailing list