[Snort-sigs] Possible FP for rules 2329

Guillaume Arcas guillaume.arcas at ...324...
Thu Jun 2 07:39:28 EDT 2005


Hi.

I get false positive alerts with SQL rule 2329 that catch Windows XP VPN Client
traffic (udp/4500 for both src and dest.) as "MS-SQL probe response overflow
attempt".

I think that it is due to the rule not having any port for destination.

Best regards,


Guillaume Arcas

-------------------------------------------------------
"L'amour et l'imagination aveuglent aisément l'esprit."
M. de Cervantès




More information about the Snort-sigs mailing list