[Snort-users] Snort 2.1.0, getting mixed up signatures.
Jason.Haar at ...294...
Sun Feb 8 15:42:01 EST 2004
On Tue, Jan 20, 2004 at 12:14:00PM +0100, Patrik Astrom wrote:
> I noticed today that Snort seems to be mixing up signatures, below you
> will find a example from my alerts log.
> [**] [1:2003:2] MS-SQL Worm propagation attempt [**]
> [Classification: Misc Attack] [Priority: 2]
> 01/09-16:34:45.969351 22.214.171.124:53 -> 62.xx.xx.xx:0
> Clearly the first example is NOT a MS-SQL Worm, is there a known issue
> with Snort mixing up signatures ?, I would be most grateful for any hints
> or suggestions you might have.
I think this is an old bug I reported ages ago ("Definite corruption of
addresses in Snort 2.02 alert" ; Message-ID:
<20030929030424.GA20830 at ...294...>).
i.e. I too have had snort claim to see things that just didn't happen.
Has this issue being verified?
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the Snort-users