[Snort-sigs] 1:2515 false positive

giulio.martinat at ...3114... giulio.martinat at ...3114...
Thu Jul 14 07:09:16 EDT 2005


# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work.
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
#
# $Id$
#
#

Rule:

--
Sid:

1:2515

Summary:

--
Impact:

--
Detailed Information:

Running a Fedora Core 4 installation. Redhat Network process (/usr/bin/rhn-applet-gui)
is running to check for OS updates. It polls rhn server (209.132.177.100:443)
every two hours or so resulting in a false positive.

Affected Systems:

Fedora Core 4

Attack Scenarios:

--
Ease of Attack:

--
False Positives:

WEB-MISC PCT Client_Hello overflow attempt

False Negatives:

--
Corrective Action:

--
Contributors:

--
Additional References:

Snort 2.3.3-1






More information about the Snort-sigs mailing list