[Snort-users] More false positives on rules?
wkitty42 at ...14940...
Thu Sep 16 11:34:26 EDT 2010
On 9/16/2010 10:58, Andy Berryman wrote:
> Anyone else seeing this? It looks like it’s triggering when people are opening
> images on their cell phones. So far I’ve seen IOS, RIM, and LG phones.
> EXPLOIT Microsoft Kodak Imaging small offset malformed tiff
> EXPLOIT Microsoft Kodak Imaging small offset malformed tiff2
do you have sample of those images or, better yet, pcaps of that traffic
it is possible that the rules need some adjustment but it is also possible that
the images are malformed in the manner being sought...
more information is needed to solve the problem...
More information about the Snort-users