[Emerging-Sigs] FP on 2011031?
evilghost at packetmail.net
Thu Oct 7 16:36:44 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
On 10/07/2010 03:25 PM, Weir, Jason wrote:
> Yup - it looks like it's firing on all HTTP GET requests... Only thing
> I changed was testing Matt's Beta ET Pro Open ruleset - no changes to
> the snort.conf..
I really wish I had more to offer here. I just can't fathom why this
rule is firing. We ran it with 2.8.5.x and even now with 18.104.22.168
without any false positives.
I rarely, if ever, see it fire. I know this doesn't help your situation
but I am putting thought into it.
Double-checked and we're running 2011031; anyone else having issues?
What version of Snort are you using Jason?
Just don't see why this rule would fire on all HTTP GETs, it should
never fire on HTTP "GET"...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Emerging-sigs