[Snort-users] Rule SID 1325

Matt Linton mlinton at ...10499...
Thu Nov 6 10:23:04 EST 2003


I've seen a few random messages to this effect in the past, but it's worth
noting: The rule #1325 seems to repeatedly false positive on SSH v2
connections as a part of the normal handshake. Is this rule obsolete, or
perhaps SSH with the minimum of options set simply has a lot of "00"
options at the end, matching the rule?


+---------------------------------------------------
| Regards;
| Matt Linton
| UNIX Systems Administrator
| ASANI Solutions, LLC.
+---------------------------------------------------




More information about the Snort-users mailing list