Snort mailing list archives
Re: Snort rule triggered an alert, but why?
From: Chris Green <cmg () sourcefire com>
Date: Thu, 05 Dec 2002 16:09:11 -0500
C.Prickaerts () UB unimaas nl writes:
Hi Chris, But what was the attack? The rule says it looks at repeated 43 content. But I failed to spot them in the dumplog.
It was a packet that went by that didn't match your homenet variable but was already alerted on. Please try to reproduce it with current sources.
Thanks
--
Chris Green <cmg () sourcefire com>
Fame may be fleeting but obscurity is forever.