Snort mailing list archives

Re: More false positives on rules?

From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 16 Sep 2010 11:34:26 -0400

On 9/16/2010 10:58, Andy Berryman wrote:

Anyone else seeing this? It looks like it’s triggering when people are opening
images on their cell phones. So far I’ve seen IOS, RIM, and LG phones.

EXPLOIT Microsoft Kodak Imaging small offset malformed tiff
12633

EXPLOIT Microsoft Kodak Imaging small offset malformed tiff2
12634


do you have sample of those images or, better yet, pcaps of that traffic 
carrying them?

it is possible that the rules need some adjustment but it is also possible that 
the images are malformed in the manner being sought...

more information is needed to solve the problem...

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

More false positives on rules? Andy Berryman (Sep 16)
- Re: More false positives on rules? waldo kitty (Sep 16)
- <Possible follow-ups>
- Re: More false positives on rules? Andy Berryman (Sep 16)
  - Re: More false positives on rules? Joel Esler (Sep 16)