Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Signatures
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Snort-sigs] FP for sid:2570

from [Russell Fulton] Network Security [Permanent Link]
Subject: [Snort-sigs] FP for sid:2570
Date: Fri, 20 May 2005 16:28:22 +1200 
Nagios checks trigger this rule:

GET / HTTP/1.0..User-Agent: check_http/1.81 (nagios-plugins 
1.4)..Host: 130.216.5.101....

The problem being that the rule matches the second 'http/'  Is there a
way to force it to match the first without resorting to convoluted REs?

We can tweak the check_http plugin so it does not trigger this but it
would be better to fix the rule if we can.

Russell

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Snort-sigs] FP for sid:2570, Russell Fulton <=
Previous by Date:  [Snort-sigs] ftpbounce?, Jeff Kell
Next by Date:  [Snort-sigs] False Positives: BACKDOOR NetMetro File List, Chich Thierry
Previous by Thread:  [Snort-sigs] ftpbounce?, Jeff Kell
Next by Thread:  [Snort-sigs] False Positives: BACKDOOR NetMetro File List, Chich Thierry
Indexes:  [Date] [Thread] [Top] [All Lists]