[Snort-sigs] High FP for sid 8428 (SSL get_shared_ciphers() overflow)

Jon Hart jhart at ...288...
Fri Oct 27 14:27:56 EDT 2006

I've been seeing a non-trivial number of hits to this sig over the past
week or so.  I believe I understand what the rule is looking for, but
I'm not sure I can think of ways it can false positive.

Has anyone else had this signature trigger, and have any thoughts as to
whether or not it was detecting an actual attack?  

