[Snort-users] HP Digital Sender

Matt Kettler mkettler at ...4108...
Fri Dec 12 08:18:05 EST 2003


At 11:12 AM 12/12/2003, Michael.Mulholland at ...9481... wrote:
>I have a HP digital sender which generating lots of  'Shellcode x86 inc ebx
>NOOP' messages
>
>I'm pretty sure this is a falso positive but i'm interested in how to stop
>the device generating all this stuff
>
>i'm pretty new to this so apologies if this is a stupid question

You probably want to modify the ports and/or IPs examined by that 
particular shellcode rule.

90% of administering snort is getting "down in the mud" and making some 
tweaks to the rules.






More information about the Snort-users mailing list