[Snort-sigs] High FP for sid 8428 (SSL get_shared_ciphers() overflow)

Jon Hart jhart at ...288...
Fri Oct 27 14:27:56 EDT 2006


I've been seeing a non-trivial number of hits to this sig over the past
week or so.  I believe I understand what the rule is looking for, but
I'm not sure I can think of ways it can false positive.

Has anyone else had this signature trigger, and have any thoughts as to
whether or not it was detecting an actual attack?  

-jon




More information about the Snort-sigs mailing list