Snort mailing list archives
Re: More false positives on rules?
From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 16 Sep 2010 11:34:26 -0400
On 9/16/2010 10:58, Andy Berryman wrote:
> Anyone else seeing this? It looks like it’s triggering when people are opening images on their cell phones. So far I’ve seen IOS, RIM, and LG phones.
>
> EXPLOIT Microsoft Kodak Imaging small offset malformed tiff 12633
> EXPLOIT Microsoft Kodak Imaging small offset malformed tiff2 12634

do you have samples of those images or, better yet, pcaps of that traffic carrying them? it is possible that the rules need some adjustment but it is also possible that the images are malformed in the manner being sought... more information is needed to solve the problem...