Snort mailing list archives

Re: GID3 SID16408 False Positives

From: "evilghost () packetmail net" <evilghost () packetmail net>
Date: Wed, 10 Feb 2010 07:39:33 -0600

Thank you for looking into this and addressing it.

-evilghost

Monica Sojeong Hong wrote:

The false positives you are seeing are the result of TCP window
scaling (see RFC 1323). Thanks for the report, we will make the
appropriate changes to the rule and we'll put out a revised version in
the next release.

Regards,


------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Current thread:

GID3 SID16408 False Positives evilghost () packetmail net (Feb 09)
- Re: GID3 SID16408 False Positives Joel Esler (Feb 09)
  - Re: GID3 SID16408 False Positives evilghost () packetmail net (Feb 09)
    - Re: GID3 SID16408 False Positives evilghost () packetmail net (Feb 09)
    - Message not available
    - Re: GID3 SID16408 False Positives evilghost () packetmail net (Feb 10)
    - Re: GID3 SID16408 False Positives Joel Esler (Feb 09)