[Snort-sigs] False positives for 1748
jfernandez at ...2106...
Mon May 10 03:50:05 EDT 2004
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP command overflow
attempt"; flow:to_server,established,no_stream; dsize:>100;
reference:bugtraq,4638; classtype:protocol-command-decode; sid:1748;
This signature might trigger if an FTP client provides a legitimate
request which is over 100 characters long. For example, when FTP
clients store or request files with full path located in deep
directory hierarchies the full request might result in a filename that
exceedes 95 characters.
More information about the Snort-sigs