Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: msg update for these, please?

From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 28 Sep 2010 16:02:28 -0400
On 9/28/2010 15:45, Jefferson, Shawn wrote:

Maybe something along the lines of:

WEB-CLIENT Request for exe file

and

WEB-CLIENT Portable Executable binary file transfer

which would explain what’s happening a little better, and avoid potential
confusion hopefully.


yep, this is pretty close to what i came up with in my recent post on this 
thread now that it has been pointed out that 16425 is a GET request and not a 
POST or just a general either/or rule...

i have to wait to see if i get an answer to what 16425 would look like if it 
were a POST rule, though... it may be possible, without having actually tested 
it (yet) that it will fire on things it is not intended to fire on... it is 
extremely generic with only the one content:".exe"; in it...


------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: