Hosting Provided By

[Snort-sigs] False positive found for rule side=1634

From: Bobby Kuzma <bobby(at)usawebs.net>
Date: Thu Mar 25 2004 - 17:44:45 EST

Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"POP3 PASS overflow attempt"; flow:to_server,established; content:"PASS"; nocase; isdataat:50,relative; pcre:"/^PASS\s[^\n]{50}/smi"; reference:cve,CAN-1999-1511; reference:nessus,10325; classtype:attempted-admin; sid:1634; rev:8;)

--

Sid: 1634

--

Summary:

--

Impact:

--

Detailed Information:

--

Affected Systems:

--

Attack Scenarios:

--

Ease of Attack:

Do you need help?

--

False Positives: This rule can generate a false positive when the AppleMail client is used to retrieve mail via POP3

--

False Negatives:

--

Corrective Action:

--

Contributors:

--

Additional References:

Thanks,

Bobby Kuzma
USA Computer Technologies Inc

This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click

Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs Received on Thu Mar 25 18:29:26 2004

This message: [ Message body ]
Next message: Cory Hollingsworth: "[Snort-sigs] writing signatures from isolated viruses"
Previous message: Carl Gibbons: "Re: [Snort-sigs] snort whitelist"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:39 EDT

Do you need more help?