[Snort-users] Using Snort & DB to remove false alarms

Brian bmc at ...950...
Tue Apr 6 17:31:03 EDT 2004


On Wed, Apr 07, 2004 at 11:31:44AM +1200, Jason Haar wrote:
> I think this is an excellent idea - but it's a wheel that shouldn't be
> re-invented.
> 
> Nessus had exactly this issue to contend with, so all that can be stolen
> should be from it to do it right.

Uh, not really.  Nessus attempts to retrieve a page that doesn't exist,
forcing the issue on checking 404 banners.  If you don't do that, how
would you ever know that the "OK 200" that you get back is really an OK?

Brian




More information about the Snort-users mailing list