[Snort-users] More false positives on rules?

waldo kitty wkitty42 at ...14940...
Thu Sep 16 11:34:26 EDT 2010


On 9/16/2010 10:58, Andy Berryman wrote:
> Anyone else seeing this? It looks like it’s triggering when people are opening
> images on their cell phones. So far I’ve seen IOS, RIM, and LG phones.
>
> EXPLOIT Microsoft Kodak Imaging small offset malformed tiff
> 12633
>
> EXPLOIT Microsoft Kodak Imaging small offset malformed tiff2
> 12634

do you have a sample of those images or, better yet, pcaps of that traffic 
carrying them?

it is possible that the rules need some adjustment but it is also possible that 
the images are malformed in the manner being sought...

more information is needed to solve the problem...



