[Snort-users] 1:17239 False Positive

Christopher A. Libby clibby at ...14973...
Tue Oct 12 12:21:52 EDT 2010


My initial guess would be disable this rule if you aren't using the product - the non-email port FP's are the only ones that really concern me. - Chris

Christopher A. Libby
Network & Security Administrator
IT Department - Phone 207-760-2508


-----Original Message-----
From: James Lay [mailto:jlay at ...13475...] 
Sent: Tuesday, October 12, 2010 8:43 AM
To: Snort
Subject: Re: [Snort-users] 1:17239 False Positive

Count me in here too...I saw a lot of these yesterday on port 25.

On 10/12/10 6:32 AM, "Christopher A. Libby"
<clibby at ...14973...> wrote:

>1:17239 "IMAP Alt-N MDaemon IMAP server CREATE command buffer overflow
>attempt" is giving me a false positive on SQL Server backup traffic.
>Could this rule be successfully limited to known IMAP ports?
>
>--------------------------------------------------------------------------
>----
>Beautiful is writing same markup. Internet Explorer 9 supports
>standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
>Spend less time writing and  rewriting code and more time creating great
>experiences on the web. Be a part of the beta today.
>http://p.sf.net/sfu/beautyoftheweb
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users



------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list