Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] SID 480 - False Positive

from [Firth, Matt] Network Security [Permanent Link]
Subject: [Snort-sigs] SID 480 - False Positive
Date: Tue, 19 Oct 2004 14:36:16 -0500 
Rule: ICMP PING speedera
Sid: 1:480
False Positives: The "Keep-Alive" feature enabled by default in many VPN
Tunnels can trigger a false positive for this rule. Keep-alives make sure
that a VPN tunnel stays established at all times by continuously sending
ICMP pings through the tunnel. The tunnel is re-established if necessary.
Nortel Instant Internet VPN devices have been observed generating ICMP
traffic that is mis-interpreted by Snort as Speedera pings.
-------------------------------
This is my first attempt to contribute to the Snort Rules database. I
apologize if I have not used the proper format. Please let me know if I need
to provide any additional information. 
Your feedback would be greatly appreciated to let me know this message made
it's way to the right place. 
M.Firth



-------------------------------------------------------
This Newsletter Sponsored by: Macrovision 
For reliable Linux application installations, use the industry's leading
setup authoring tool, InstallShield X. Learn more and evaluate 
today. http://clk.atdmt.com/MSI/go/ins0030000001msi/direct/01/
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Snort-sigs] SID 480 - False Positive, Firth, Matt <=
Previous by Date:  RE: [Snort-sigs] False positive alert: sid:2570, nnposter
Next by Date:  RE: [Snort-sigs] snort software, Naveen Kumar Akkugari
Previous by Thread:  [Snort-sigs] ARP "Who has (one address)" > "Tell (many different, random IP's)", Les Yaw
Next by Thread:  [Snort-sigs] suggested changes to rule 2229, Rainer
Indexes:  [Date] [Thread] [Top] [All Lists]