[Snort-users] wingate 8080 attempt?

Vitaly McLain twistah at ...93...
Sun Oct 1 23:41:21 EDT 2000


Simply commenting that out should work. You're bound to get false positives
with that rule anyway, and what it looks for is nothing life-threatining.

What I am wondering is why the rule doesn't go something like this:
alert tcp !$HOME_NET any -> $HOME_NET 8080 (msg:"WinGate 8080 Attempt";
flags: S;)
Seems to me that could stop a few false positives.

Vitaly McLain
twistah at ...93...





More information about the Snort-users mailing list