Snort mailing list archives
Re: False positives with SID 16533?
From: Matt Watchinski <mwatchinski () sourcefire com>
Date: Fri, 16 Apr 2010 14:49:40 -0400
Can you send us a pcap to fp () sourcefire com and we'll give it a look. Thanks -matt On Fri, Apr 16, 2010 at 2:10 PM, Andy Berryman <aberryman () cymtec com> wrote:
I'm seeing TONS of these events since the rule update. Anyone else seeing them as false positives? Thanks, Andy Berryman ________________________________ This message from Cymtec Systems, Inc. contains confidential information and is solely for the use of the recipient(s) named above. If you are not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this message in error and that any review, disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error, please destroy it immediately and notify Cymtec Systems, Inc. by telephone at +1.314.993.8700 or by return e-mail. ________________________________ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Matthew Watchinski Sr. Director Vulnerability Research Team (VRT) Sourcefire, Inc. Office: 410-423-1928 http://vrt-sourcefire.blogspot.com && http://www.snort.org/vrt/ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- False positives with SID 16533? Andy Berryman (Apr 16)
- Re: False positives with SID 16533? Matt Watchinski (Apr 16)
- Re: False positives with SID 16533? Andy Berryman (Apr 16)
- Re: False positives with SID 16533? Matt Watchinski (Apr 16)