Snort mailing list archives

Re: shellcode error

From: "Hugo Ferr" <snortgrp () hotmail com>
Date: Fri, 31 May 2002 11:58:14 -0400

thanks
----- Original Message -----
From: "Erek Adams" <erek () theadamsfamily net>
To: "Hugo Ferr" <snortgrp () hotmail com>
Cc: "Got Snort?" <snort-users () lists sourceforge net>
Sent: Friday, May 31, 2002 11:24 AM
Subject: Re: [Snort-users] shellcode error

On Fri, 31 May 2002, Hugo Ferr wrote:

Just out of curiosity - why !80, I was getting quite a lot of false
positives for shellcode on port 80, is that the number of false

positives is

the reason for !80?


Yes.  Something as simple as a .GIF, .JPG, .EXE, etc. could set off those
rules.  It would be nice to put FTP in there, but since the data channel

is on

a random high port, it can't be.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

shellcode error Hugo Ferr (May 30)
- RE: shellcode error bthaler (May 30)
  - Re: shellcode error Hugo Ferr (May 30)
    - Re: shellcode error Erek Adams (May 30)
    - Re: shellcode error Hugo Ferr (May 31)
    - Re: shellcode error Erek Adams (May 31)
    - Re: shellcode error Hugo Ferr (May 31)
- Re: shellcode error matt (May 30)
  - Re: shellcode error john (May 31)
    - Re: shellcode error Erek Adams (May 31)
    - Re: shellcode error Matt Kettler (May 31)