<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/1.0.4">
I am running rh7.3 linux, snort 1.8.7, acid0.9.6, and I am getting a lot of shellcode alerts. All of them are from legit http traffic from http servers. I thought that the "!" was the not operator. The shelcode variable is set to "!80" just the way it comes in the default settings.
I hope someone can tell me what is wrong or at least point me in the right direction.
Lancaster & Eure, P.A.