[Snort-users] Snort rule triggered an alert, but why?

C.Prickaerts at ...5294... C.Prickaerts at ...5294...
Fri Dec 6 00:02:01 EST 2002


Hi Chris,

I'm afraid I'm not proficient enough (yet) to do that.
Do you mean I should just let snort read the tcpdump file again and see if
it triggers the alert again ?

Chris

-----Original Message-----
From: Chris Green [mailto:cmg at ...1935...] 
Sent: donderdag 5 december 2002 22:09
To: C.Prickaerts at ...5294...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort rule triggered an alert, but why?


C.Prickaerts at ...5294... writes:

> Hi Chris,
>
> But what was the attack ?
> The rule says it looks at repeated 43 content. But I failed to spot 
> them in the dumplog.
>

It was a packet that went by that didn't match your homenet variable but was
already alerted on. Please try to reproduce it with current sources.

Thanks
-- 
Chris Green <cmg at ...1935...>
Fame may be fleeting but obscurity is forever.




More information about the Snort-users mailing list