Snort mailing list archives

Re: HP Digital Sender

From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 12 Dec 2003 11:19:45 -0500

At 11:12 AM 12/12/2003, Michael.Mulholland () dfpni gov uk wrote:

I have a HP digital sender which generating lots of  'Shellcode x86 inc ebx
NOOP' messages

I'm pretty sure this is a falso positive but i'm interested in how to stop
the device generating all this stuff

i'm pretty new to this so apologies if this is a stupid question

You probably want to modify the ports and/or IPs examined by thatparticular shellcode rule.

90% of administering snort is getting "down in the mud" and making sometweaks to the rules.





-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

HP Digital Sender Michael . Mulholland (Dec 12)
- Re: HP Digital Sender Matt Kettler (Dec 12)