Snort mailing list archives
sensitive data pre-processor
From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 29 Sep 2010 12:49:31 -0400
is anyone else getting FPs with the sensitive data pre-processor? every single firing i've seen of the sensitive data rules has been a false positive and always apparently related to the serialization numbers used in web forms on forums and social networking sites... currently i have the SDF email addresses and social security numbers (w/out dashes) disabled... i've had numerous firings on the social security numbers (w/ dashes) rule, too, but have not yet disabled it... it is especially telling when the SSN rules fire on sites that have no SSN data on them or those that do but it has never been given... can the SDF decode encoded strings and may it possibly be detecting sensitive data in there??
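An added illustration, not part of the original post and not Snort's SDF code: it shows how plain digit-pattern matching fires on serial numbers in a web form body, and how much of that noise disappears once a match must stand alone and pass the SSA's structural rules (area not 000, 666 or 900-999; group not 00; serial not 0000). The form body, field names and all numbers are constructed sample data.

```python
import re

# Constructed sample: a forum POST body whose fields carry serial and token
# numbers. None of them is a Social Security number.
SAMPLE_BODY = (
    "form_serial=1285778971123456789&post_id=900451234&"
    "token=666-12-3456&sid=412907733&note=call+555-01-0000"
)

# Naive patterns: any nine digits, or any 3-2-4 dashed digit group.
NAIVE_NODASH = re.compile(r"\d{9}")
NAIVE_DASH = re.compile(r"\d{3}-\d{2}-\d{4}")

# Stricter pattern: the candidate must not be embedded in a longer digit run.
BOUNDED = re.compile(r"(?<!\d)(\d{3})-?(\d{2})-?(\d{4})(?!\d)")


def plausible_ssn(area, group, serial):
    """Apply the structural rules for an issued SSN to the three fields."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return group != "00" and serial != "0000"


def naive_hits(body):
    """Everything a bare digit pattern would flag."""
    return NAIVE_NODASH.findall(body) + NAIVE_DASH.findall(body)


def strict_hits(body):
    """Candidates that are digit-bounded and structurally plausible."""
    return [m.group(0) for m in BOUNDED.finditer(body)
            if plausible_ssn(*m.groups())]


if __name__ == "__main__":
    print("naive :", naive_hits(SAMPLE_BODY))
    print("strict:", strict_hits(SAMPLE_BODY))
```

The one value that survives the stricter check is a nine-digit session id that happens to be structurally valid, which no pattern-only check can tell apart from a real number.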