Snort mailing list archives
False positive
From: Angelita de Cássia Corrêa <angelita () uol com br>
Date: Mon, 18 Jul 2005 11:43:34 -0300
I receive many of these alerts, what are really false positives?

(http_inspect) BARE BYTE UNICODE ENCODING
(http_inspect) OVERSIZE REQUEST-URI DIRECTORY
(http_inspect) IIS UNICODE CODEPOINT ENCODING
(snort_decoder): Truncated Tcp Options
(snort_decoder): Tcp Options found with bad lengths
attempted-recon: (http_inspect) DOUBLE DECODING ATTACK
attempted-dos: ICMP PATH MTU denial of service
misc-activity: ICMP PING CyberKit 2.2 Windows
non-standard-protocol: (http_inspect) OVERSIZE CHUNK ENCODING

Thanks,
Angelita