Focus on IDS
Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: Snort with an expert system
Jun 25 2009 11:25AM
Tomas Olsson (tol sics se)
My comments in the text below.
Stefano Zanero wrote:
>> "A false positive is an alert that triggers on normal traffic where no
>> intrusion or attack is underway"
> That's a good definition, but not really complete. Under that
> definition, if you place a rule that flags IRC connections, ...
[ more ]
Copyright 2010, SecurityFocus