[Snort-sigs] SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS

JJ Cummings cummingsj at ...2420...
Wed Jan 13 12:23:04 EST 2010


First thing that I would do is look at the source and destination of the
proposed "attack" and determine if the traffic that it is sending is
legitimate. Then, if you cannot confirm that this traffic should exist in the
form that it is in, continue down the line that you are...

Is the target (destination) an MS ISA Server and Forefront Threat
Management Gateway? etc...

On Wed, Jan 13, 2010 at 10:14 AM, Guise McAllaster <
guise.mcallaster at ...2420...> wrote:

> Hello.  I am experiencing massive rule alerting for SID 15474 - MS ISA
> Server and Forefront Threat Management Gateway DoS.  I want to know if it is
> all false positives or not, but apparently the rule is GID 3.  What to do?  I am
> trying to find this rule in the source code but do not find it.  Where is it?  I
> thought Snort was open source?  Can someone make me aware of the location
> where I can receive the code for this?
>
> Thank you in advance.
>
> Guise