|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jefferson, Shawn (Shawn.Jefferson
bcferries.com)
Date: Fri Oct 01 2010 - 15:19:46 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
oops... maybe I inadvertently leaked the rule to the unregistered users. Sorry.
You can tell it's not a GID:3 rule...
-----Original Message-----
From: waldo kitty [mailto:wkitty42windstream.net]
Sent: Friday, October 01, 2010 1:15 PM
To: snort-userslists.sourceforge.net
Subject: Re: [Snort-users] Rule 17494
On 10/1/2010 15:08, Jefferson, Shawn wrote:
> Anyone else notice this rule, 17494 triggering a lot today? Or is it just me...
> it's an old vulnerability from 2006.
>
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"WEB-CLIENT Microsoft
> Internet Explorer Long URL Buffer Overflow attempt"; flow:established,to_server;
> urilen:>260; content:"GET"; http_method; content:"HTTP|2F|1|2E|1|0D 0A|";
> metadata:service http; reference:bugtraq,19667; reference:cve,2006-3869;
> classtype:attempted-user; sid:17494; rev:1;)
please remember to include the GID (and revision)... AFAICT, this is either a
GID:3 (SO rule) or it is one of the new ones not yet available to "registered"
users...
thank you ;)
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]