IDS mailing list archives

SMTP traffic

From: bron () gmail com
Date: 2 Jul 2007 03:01:15 -0000


 I am sort of new to IDS. I am writing rule for IPS.  If i have a rule which requires monitoring the argument of Mail 
From : SMTP command, then it may happen that my rule can get triggered inside the body of emails giving me false 
positives. 
 
 Any suggestions how can i remove such false positives ?

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------

Current thread:

SMTP traffic bron (Jul 03)
- Re: SMTP traffic Jose Nazario (Jul 03)
- <Possible follow-ups>
- Re: SMTP traffic max (Jul 03)