Snort mailing list archives
Rule 17407 produces false positives on Yahoo photo gallery viewer
From: Steve <steve.bachelor () gmail com>
Date: Mon, 1 Oct 2012 16:50:44 -0400
An HTTP GET request included the string [lots of characters]%3dv.hLPtFJpBs-%2f[lots more characters]

That's obviously not a Windows help file download request. Should I add a regex to the rule looking for '\.hlp(?![a-zA-Z0-9])' or something like that?
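Added example, not part of the original post or of the Snort rule set: a check of the proposed regex against sample URIs. It assumes the existing rule fires on a case-insensitive ".hlp" substring and that the regex is applied case-insensitively; every URI is constructed, and only the "%3dv.hLPtFJpBs-%2f" fragment comes from the post.

```python
import re

# Assumption: the existing rule matches ".hlp" anywhere, ignoring case.
SUBSTRING = re.compile(r"\.hlp", re.IGNORECASE)
# The regex proposed in the post, applied case-insensitively (assumption).
PROPOSED = re.compile(r"\.hlp(?![a-zA-Z0-9])", re.IGNORECASE)

# Constructed sample URIs. The filler around the token stands in for the
# "[lots of characters]" elided in the post.
SAMPLES = {
    "yahoo_token": "/gallery/view?tok=AAAA%3dv.hLPtFJpBs-%2fBBBB",
    "hlp_download": "/files/manual.hlp",
    "hlp_with_query": "/files/manual.HLP?lang=en",
    "longer_extension": "/files/notes.hlpx",
    # Same kind of opaque token, but ".hLP" happens to be followed by "-".
    "token_then_dash": "/gallery/view?tok=AAAA%3dv.hLP-%2fBBBB",
}


def evaluate(uri):
    """Return (substring_match, proposed_regex_match) for one URI."""
    return (bool(SUBSTRING.search(uri)), bool(PROPOSED.search(uri)))


def report():
    """Evaluate every sample and return the results keyed by sample name."""
    return {name: evaluate(uri) for name, uri in SAMPLES.items()}


if __name__ == "__main__":
    for name, (old, new) in report().items():
        print(f"{name:18} substring={old!s:5} proposed={new}")
```

The lookahead drops the reported token and still matches real .hlp requests, but an opaque token in which ".hlp" is followed by a non-alphanumeric character (the last sample) would still alert.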