Stefano Zanero wrote:
>> "A false positive is an alert that triggers on normal traffic where no
>> intrusion or attack is underway"
>>
>
> That's a good definition, but not really complete. Under that
> definition, if you place a rule that flags IRC connections, ...