[Snort-sigs] FP: sid: 469 - ICMP PING NMAP

jynx jynx at ...3213...
Fri Mar 31 08:26:02 EST 2006


I have noticed a false pos from Win2k PCs talking to MS Active Directory
Servers. Below is the missing template information.

# This is a template for submitting snort signature descriptions to
# the snort.org website
#
# Ensure that your descriptions are your own
# and not the work of others.  References in the rules themselves
# should be used for linking to other's work.
#
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
#
# $Id$
#
#

Rule:  ICMP PING NMAP

--
Sid:    469

--
Summary:

--
Impact:

--
Detailed Information:

--
Affected Systems:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:        Workstations communicating with Microsoft Active
Directory Servers will cause false positives for this sid.

--
False Negatives:

--
Corrective Action:

--
Contributors:   jynx at ...3213...

--
Additional References:


jynx




