Snort mailing list archives

Catbird sets off alerts


From: Kevin L Pawloski <kpawloski () juno com>
Date: Wed, 3 Apr 2002 11:27:05 -0800

The network monitoring service Catbird is hitting my website with traffic
and sets off alerts. Is there any way to ignore Catbird in this rule?
They do not have a general IP range they use either; this service is
similar to Speedera.

Rule:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC http directory traversal"; flags: A+; content: "../"; reference:arachnids,297; classtype:attempted-recon; sid:1113; rev:1;)

Packet:
47 45 54 20 2F 69 6D 61 67 65 73 2F 68 6F 6D 65   GET /images/home
70 61 67 65 2F 75 6F 6C 5F 6A 75 6E 6F 5F 74 61   page/ta
67 2E 67 69 66 20 48 54 54 50 2F 31 2E 31 0D 0A   g.gif HTTP/1.1.
41 63 63 65 70 74 3A 20 2A 2F 2A 0D 0A 54 45 3A   Accept: */*.TE:
20 74 72 61 69 6C 65 72 73 0D 0A 48 6F 73 74 3A    trailers.Host:
20 77 77 77 2E 6A 75 6E 6F 2E 63 6F 6D 0D 0A 52    www.falling.net.R
65 66 65 72 65 72 3A 20 2E 2E 2F 2E 2E 2F 0D 0A   eferer: ../../.
55 73 65 72 2D 41 67 65 6E 74 3A 20 4D 6F 7A 69   User-Agent: Mozi
6C 6C 61 2F 34 2E 37 20 63 61 74 62 69 72 64 2F   lla/4.7 catbird/
35 2E 33 2E 32 0D 0A 43 6F 6E 6E 65 63 74 69 6F   5.3.2.Connectio
6E 3A 20 54 45 0D 0A 0D 0A                        n: TE

Thanks!

Kevin
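
Added example, not part of the original post: a Python sketch showing which part of a request like the one in the dump satisfies content:"../", and how a match limited to the request URI (the scope of Snort's uricontent keyword) treats the same bytes. The request bytes are constructed from the dump with a placeholder host and path, and all function names are illustrative.

```python
from urllib.parse import unquote_to_bytes

PATTERN = b"../"

# Constructed sample modelled on the dump above (placeholder host and path).
MONITOR_REQUEST = (
    b"GET /images/homepage/tag.gif HTTP/1.1\r\n"
    b"Accept: */*\r\n"
    b"TE: trailers\r\n"
    b"Host: www.example.com\r\n"
    b"Referer: ../../\r\n"
    b"User-Agent: Mozilla/4.7 catbird/5.3.2\r\n"
    b"Connection: TE\r\n\r\n"
)
# Constructed requests that do carry the pattern in the URI, plain and percent-encoded.
URI_PLAIN = b"GET /docs/../../private.txt HTTP/1.0\r\n\r\n"
URI_ENCODED = b"GET /docs/%2e%2e/%2e%2e/private.txt HTTP/1.0\r\n\r\n"

def split_request(payload):
    """Return (uri, headers) where headers is a list of (lowercase name, value)."""
    head = payload.partition(b"\r\n\r\n")[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) < 2:
        raise ValueError("not an HTTP request line")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return parts[1], headers

def payload_match(payload, pattern=PATTERN):
    """Whole-payload search, the scope of the rule's content option."""
    return pattern in payload

def uri_match(payload, pattern=PATTERN):
    """Search only the percent-decoded request URI (a simplification of
    URI normalization; assumption, not Snort's exact decoder)."""
    uri, _ = split_request(payload)
    return pattern in unquote_to_bytes(uri)

def locate_matches(payload, pattern=PATTERN):
    """List where the pattern occurs: 'uri' and/or 'header:<name>'."""
    uri, headers = split_request(payload)
    where = ["uri"] if pattern in unquote_to_bytes(uri) else []
    where += ["header:" + n.decode("latin-1") for n, v in headers if pattern in v]
    return where

if __name__ == "__main__":
    for label, req in (("monitor", MONITOR_REQUEST), ("plain", URI_PLAIN), ("encoded", URI_ENCODED)):
        print(label, payload_match(req), uri_match(req), locate_matches(req))
```

The whole-payload match fires on the Referer header of the monitoring request, while the URI-scoped match fires only on requests whose path contains the pattern, without relying on the client-supplied User-Agent string.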



