[Snort-sigs] FPs - ORACLE BEA WebLogic Server Plug-ins Certificate overflow attempt 16606
r.fulton at ...575...
Mon Jul 26 17:18:27 EDT 2010
I am seeing lots of hits on this rule -- mostly from local ISP addresses which strongly suggests that they are FPs.
I have lots more sample if anyone wants them -- getting a full session capture might be possible too if needed.
Information Security Officer, The University of Auckland
More information about the Snort-sigs