[Snort-sigs] Lotsa 13974

Alex Kirk akirk at ...435...
Wed Oct 5 11:46:57 EDT 2011

Whenever you've got something you're concerned is a false positive, we need
a PCAP to do any sort of diagnostics on the matter. I've seen you
specifically use the snort.org form, and that's been most helpful for us
dealing with issues like this. If you could send along PCAP data, via
whatever method you prefer, on these, that'd be great.

On Wed, Oct 5, 2011 at 10:32 AM, Lay, James <james.lay at ...3513...>wrote:

> Yea 13974 is firing like mad…yesterday morning was 16377****
> ------------------------------------------------------------------------------
> All the data continuously generated in your IT infrastructure contains a
> definitive record of customers, application performance, security
> threats, fraudulent activity and more. Splunk takes this data and makes
> sense of it. Business sense. IT sense. Common sense.
> http://p.sf.net/sfu/splunk-d2dcopy1
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
> Please visit http://blog.snort.org for the latest news about Snort!

Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
alex.kirk at ...435...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20111005/13de099c/attachment.html>

More information about the Snort-sigs mailing list