[Snort-users] shellcode error

Hugo Ferr snortgrp at ...125...
Fri May 31 08:59:05 EDT 2002


thanks
----- Original Message -----
From: "Erek Adams" <erek at ...577...>
To: "Hugo Ferr" <snortgrp at ...125...>
Cc: "Got Snort?" <snort-users at lists.sourceforge.net>
Sent: Friday, May 31, 2002 11:24 AM
Subject: Re: [Snort-users] shellcode error


> On Fri, 31 May 2002, Hugo Ferr wrote:
>
> > Just out of curiosity - why !80, I was getting quite a lot of false
> > positives for shellcode on port 80, is that the number of false
positives is
> > the reason for !80?
>
> Yes.  Something as simple as a .GIF, .JPG, .EXE, etc. could set off those
> rules.  It would be nice to put FTP in there, but since the data channel
is on
> a random high port, it can't be.
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net
>




More information about the Snort-users mailing list