From: Jefferson, Shawn (Shawn.Jeffersonbcferries.com)
Date: Fri Oct 01 2010 - 14:08:23 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Anyone else notice this rule, 17494 triggering a lot today? Or is it just me... it's an old vulnerability from 2006.

alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"WEB-CLIENT Microsoft Internet Explorer Long URL Buffer Overflow attempt"; flow:established,to_server; urilen:>260; content:"GET"; http_method; content:"HTTP|2F|1|2E|1|0D 0A|"; metadata:service http; reference:bugtraq,19667; reference:cve,2006-3869; classtype:attempted-user; sid:17494; rev:1;)

--
Shawn Jefferson, IT Security, GCIH, GCFA
British Columbia Ferry Services Inc.
Tel: (250) 978-1508
Fax: (250) 405-3533
Shawn.Jeffersonbcferries.com<mailto:Shawn.Jeffersonbcferries.com> | www.bcferries.com<http://www.bcferries.com>

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]