[Snort-users] False positive ??

Milo Velimirovic milov at ...1467...
Thu Sep 25 14:32:06 EDT 2003


I noticed this alert while downloading software from Apple's developer 
site.

[**] [1:1390:3] SHELLCODE x86 inc ebx NOOP [**]
[Classification: Executable code was detected] [Priority: 1]
09/25-15:53:32.917624 17.254.0.200:56669 -> 138.49.xxx.xxx:60118
TCP TTL:239 TOS:0x0 ID:22986 IpLen:20 DgmLen:1320 DF
***A**** Seq: 0x69448EA8  Ack: 0xEB8C131B  Win: 0x2568  TcpLen: 32
TCP Options (3) => NOP NOP TS: 3076158921 3077302067

Name:    enfuego.apple.com
Address:  17.254.0.200


Milo Velimirovic       <milov "at" uwlax "dot" edu>
Unix Computer Network Administrator
University of Wisconsin - La Crosse
La Crosse, Wisconsin 54601 USA   43 48 05 N 91 14 22 W

There are 10 different types of people in the world.
Those who can read binary and those who can't.




