Snort mailing list archives
interesting problem...
From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 24 Sep 2010 14:22:20 -0400
i've been working on adjusting my environment to use the VRT published snort.conf for 2.8.6.1... i'm in the process of live testing and trying to figure out why some things are being alerted on... one of those is 3:13974:2 WEB-CLIENT Internet Explorer XHTML element memory corruption attempt several things: 1. at least i know that my SO rules are working because this is a GID:3 rule :) 2. this rule is being triggered at the following URL http://forums.snort.org/posts?amp%3Bq=&page=7 3. we do not use IE for browsing so why is this rule being triggered on the snort.org forums?? when i whitelist that IP, i can get there and read the messages quite easily... is something broken on the forum or is there possibly some advertising stuff there that's coming in that i'm not seeing because of my ad and script blocking?? ------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- interesting problem... waldo kitty (Sep 24)