Snort mailing list archives
Re: IPHONE user agent?
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 3 Dec 2012 10:29:14 -0500
So, to give people an update about what this was… fast_pattern:only; was slipped into the content match for one rule pack update awhile back, and it was immediately removed. Jeff happened to get that one rule pack. It's been fixed for some time. If you experience this issue, please update the rule pack you are using. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Dec 2, 2012, at 11:37 AM, Joel Esler <jesler () sourcefire com> wrote:
It shouldn't be. The User-Agent should be all in caps. Which isn't an iPhone. -- Joel Esler Sent from my iPad On Dec 1, 2012, at 11:10 PM, Jeff Kell <jeff-kell () utc edu> wrote:This "BLACKLIST User-Agent known malicious user-agent string IPHONE" sig is going off all over the place. Appears to be real iPhones (?) Clarification? Looks like a pre-baked detection criteria... Jeff ------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: DESIGN Expert tips on starting your parallel project right. http://goparallel.sourceforge.net/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: BUILD Helping you discover the best ways to construct your parallel projects. http://goparallel.sourceforge.net
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- IPHONE user agent? Jeff Kell (Dec 01)
- Re: IPHONE user agent? Jeff Kell (Dec 01)
- Re: IPHONE user agent? Joel Esler (Dec 02)
- Re: IPHONE user agent? Joel Esler (Dec 03)