Snort mailing list archives

Re: SID 15474 - MS ISA Server and Forefront Threat Management Gateway DoS


From: Guise McAllaster <guise.mcallaster () gmail com>
Date: Wed, 13 Jan 2010 17:56:24 +0000

Hello.  Thank you for the response.   Turns out that I do not have MS ISA.  But
now I am curious.  The alert is happening on a very small packet.  Why?  Not
sure if it is encrypted data.  Can I get a copy of the source code for this?

Thanks.

Guise

On Wed, Jan 13, 2010 at 5:23 PM, JJ Cummings <cummingsj () gmail com> wrote:

First thing that I would do is look at the source and destination of the
proposed "attack" and determine if the traffic that it is sending is
legitimate, then if you cannot confirm that this traffic should exist in the
form that it is in, continue down the line that you are.

Is the target (destination) an MS ISA Server and Forefront Threat
Management Gateway? etc...

On Wed, Jan 13, 2010 at 10:14 AM, Guise McAllaster <
guise.mcallaster () gmail com> wrote:

Hello.  I am experiencing massive rule alerting for SID 15474 - MS ISA
Server and Forefront Threat Management Gateway DoS.  I want to know if it is
all false positives or not, but apparently the rule is GID 3.  What to do?  I am
trying to find this rule in the source code but do not find it.  Where is it?  I
thought Snort was open source?  Can someone make me aware of the location
where I can receive the code for this?

Thank you in advance.

Guise


------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and
easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs




