IDS mailing list archives
Re: HTTP traffic
From: abhicc285 () gmail com
Date: 18 Jul 2007 03:42:49 -0000
> When we write any rules for HTTP traffic will there be any issue of false positive?
Hi,

HTTP rules are prone to false positives as well. For example, there is a vulnerability called the MS-DOS device name vulnerability. To prevent this vulnerability, MS-DOS device names like aux, com, lpt need to be blocked. If your rule is blocking only com, the rule will end up blocking all the .com as well, triggering a lot of false positives.

Hope it helps
Abhi
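The false positive described in the message above, as an added example that is not part of the original post: a bare "com" substring rule is compared with a rule that only fires when a whole decoded path segment is a device name. The function names, the sample URIs, and the extended name list (con, nul, prn, digit suffixes) are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Whole-segment match: a device name, optionally followed by an extension.
# The digit suffixes and the con/nul/prn entries are assumptions beyond the
# "aux, com, lpt" named in the post.
DEVICE = re.compile(r"(?:aux|con|nul|prn|com[1-9]|lpt[1-9])(?:\..*)?", re.I)

def naive_rule(uri):
    """The over-broad rule from the post: fire on the bare substring 'com'."""
    return "com" in uri.lower()

def device_name_rule(uri):
    """Fire only when an entire decoded path segment is a device name."""
    path = unquote(urlsplit(uri).path)          # decode %61ux -> aux first
    return any(DEVICE.fullmatch(seg) for seg in re.split(r"[/\\]", path))

# Constructed sample request URIs (not taken from real traffic).
SAMPLES = [
    "/index.html",
    "/community/forum",
    "/download/setup.com",
    "/go?to=http://www.example.com/",
    "/scripts/com1",
    "/files/LPT1.asp",
    "/a/%61ux",
]

def compare(uris):
    """Return (uri, naive_hit, anchored_hit) for each URI."""
    return [(u, naive_rule(u), device_name_rule(u)) for u in uris]

if __name__ == "__main__":
    for uri, naive, anchored in compare(SAMPLES):
        print(f"{uri:35} naive={naive!s:5} anchored={anchored}")
```

On these samples the substring rule fires on three benign URIs and also misses the lpt and percent-encoded aux requests, while the anchored rule fires only on the three device-name requests.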