On Wed, Nov 11, 2009 at 9:24 AM, Glenn Kelley <gl...@typo3usa.com> wrote: > short update - > I have blocked > but still seem like we might have issues - > 1394ip$EXTERNAL_NETany$HOME_NETany SHELLCODE x86 inc ecx NOOP > has anyone else seen this - when all the user is doing is remote email ? > I would like not to have to disable all shellcode stuff.
Encrypted traffic will likely frequently trip shellcode detection signatures and are almost always going to be false positives. I'd change the sig to ignore port 587. --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org