Snort mailing list archives

FP:10995 rev3


From: <snort () leeclemens net>
Date: Tue, 30 Mar 2010 16:47:00 -0400

Hello,

I believe I am seeing a FP with this BDAT DoS attempt.

The packet being alerted on is SMTP, payload length 23, containing only:
EHLO <server name> 0D 0A

Is this correct? The rule appears to use content "BDAT", which is not contained in the server name either.

-Lee


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

