[Snort-sigs] SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS

Guise McAllaster guise.mcallaster at ...2420...
Wed Jan 13 12:56:24 EST 2010


Hello.  Thank you for the response.  Turns out that I do not have MS ISA.  But
now I am curious.  The alert is happening on a very small packet.  Why?  Not
sure if it is encrypted data.  Can I get a copy of the source code for this?

Thanks.

Guise

On Wed, Jan 13, 2010 at 5:23 PM, JJ Cummings <cummingsj at ...2420...> wrote:

> First thing that I would do is look at the source and destination of the
> proposed "attack" and determine if the traffic that it is sending is
> legitimate, then if you cannot confirm that this traffic should exist in the
> form that it is in.. continue down the line that you are..
>
> is the target (destination) an MS ISA Server and Forefront Threat
> Management Gateway? etc...
>
> On Wed, Jan 13, 2010 at 10:14 AM, Guise McAllaster <
> guise.mcallaster at ...2420...> wrote:
>
>> Hello.  I am experiencing massive rule alerting for SID 15474 - MS ISA
>> Server and Forefront Threat Management Gateway DoS.  I want to know if it is
>> all false positives or not, but apparently the rule is GID 3.  What to do?  I am
>> trying to find this rule in the source code but cannot.  Where is it?  I
>> thought snort was open source?  Can someone make me aware of the location
>> where I can receive the code for this?
>>
>> Thank you in advance.
>>
>> Guise
>>