[Snort-users] Snort rule triggered an alert, but why?

Chris Green cmg at ...1935...
Thu Dec 5 13:11:05 EST 2002


C.Prickaerts at ...5294... writes:

> Hi Chris,
>
> But what was the attack ?
> The rule says it looks at repeated 43 content. But I failed to spot them in
> the dumplog.
>

It was a packet that went by that didn't match your homenet variable
but was already alerted on. Please try to reproduce it with current
sources.

Thanks
-- 
Chris Green <cmg at ...1935...>
Fame may be fleeting but obscurity is forever.




More information about the Snort-users mailing list