[Snort-users] shellcode error
erek at ...577...
Fri May 31 08:25:06 EDT 2002
On Fri, 31 May 2002, Hugo Ferr wrote:
> Just out of curiosity - why !80, I was getting quite a lot of false
> positives for shellcode on port 80, is that the number of false positives is
> the reason for !80?
Yes. Something as simple as a .GIF, .JPG, .EXE, etc. could set off those
rules. It would be nice to put FTP in there, but since the data channel is on
a random high port, it can't be.
More information about the Snort-users