Snort mailing list archives
Re: WebDAV
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 6 Nov 2002 14:33:11 -0800 (PST)
On Wed, 6 Nov 2002, Yaakov Yehudi wrote:
Can anyone tell me if the WebDAV file lock alert can be triggered by anything other than an intentional attempt to lock a file for editing etc. Some ISPs have offered a range of reasons for this alert - including: "worms"; "our client has no idea what you are talking about"; and ... "Apparently, normal traffic is causing your alarm to sound. If you click on the animated banner to the right of the "NFC News First Class" logo, on this site: http://www.nfc.co.il/04-11-2002.html?04-21-11. It evidently triggers your alarm. We investigated this from our customer behavior, and no wrong doing has occurred." I'll be grateful to hear your replies. I'm quite puzzled.
Well.... For one, I'm not 100% sure what rule you are talking about. I'm going to guess you are refering to one of the follwing SID's: 969 1070 1079 Depending on which one, other content could be triggering it. Check the packet dump vs. the rule and see what made it fire. You might be better off posting this to the snort-sigs list as that's where the 'sig geeks' tend to hang out. ;-) Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net ------------------------------------------------------- This sf.net email is sponsored by: See the NEW Palm Tungsten T handheld. Power & Color in a compact size! http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- WebDAV Yaakov Yehudi (Nov 06)
- Re: WebDAV Erek Adams (Nov 06)
- Re: WebDAV Jason Haar (Nov 06)
- <Possible follow-ups>
- Re: WebDAV Jason Haar (Nov 06)
- WebDAV Yaakov Yehudi (Nov 10)