Snort mailing list archives
Re: shellcode error
From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 31 May 2002 08:24:29 -0700 (PDT)
On Fri, 31 May 2002, Hugo Ferr wrote:
Just out of curiosity - why !80, I was getting quite a lot of false positives for shellcode on port 80, is that the number of false positives is the reason for !80?
Yes. Something as simple as a .GIF, .JPG, .EXE, etc. could set off those rules. It would be nice to put FTP in there, but since the data channel is on a random high port, it can't be. ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- shellcode error Hugo Ferr (May 30)
- RE: shellcode error bthaler (May 30)
- Re: shellcode error Hugo Ferr (May 30)
- Re: shellcode error Erek Adams (May 30)
- Re: shellcode error Hugo Ferr (May 31)
- Re: shellcode error Erek Adams (May 31)
- Re: shellcode error Hugo Ferr (May 31)
- Re: shellcode error Hugo Ferr (May 30)
- RE: shellcode error bthaler (May 30)
- Re: shellcode error john (May 31)
- Re: shellcode error Erek Adams (May 31)
- Re: shellcode error Matt Kettler (May 31)