Snort mailing list archives

Re: FP on 1:18369:2 - BLACKLIST USER-AGENT known malicious user-agent string iexp-get


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Mon, 14 Mar 2011 12:13:14 +1300

On 03/14/2011 11:58 AM, Matt Olney wrote:
> Actually, in this case this isn't a false positive.  The alert is on a
> web get with a user agent "iexp-get" which is associated with
> baidu.com.  Baidu is considered adware and malware from some sources
> (I'm not judging one way or another) and has a rule here for use if
> you see fit.  So you have a policy decision.  If you allow the baidu
> service, you can disable the rule.  Otherwise, it worked :)

I've heard that before. If you're Chinese, you think baidu is great
(it's China's Google-killer), but there are always these "rumors" around
of it being "bad"

Siteadvisor sums it up: http://www.siteadvisor.com/sites/baidu.com
("it's good - but there's a bunch of people who got hacked via it")

I ain't going there: we'll disable the rule :-}


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
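An added example, not code from the thread or from the Snort ruleset, modelling the point Matt makes above: the rule fires on the "iexp-get" agent string, and what happens next is a site policy decision. It assumes the match is a case-insensitive substring check on the User-Agent header and uses a constructed allowed-host list; the real rule options are not reproduced.

```python
# Model of how a User-Agent blacklist alert such as 1:18369 is layered with a
# site policy, so a hit to an accepted service is suppressed rather than the
# whole rule being disabled. Matching semantics and ALLOWED_HOSTS are assumptions.
import re
from dataclasses import dataclass

SID = "1:18369:2"

# Hosts for which this site has decided the "iexp-get" agent is acceptable.
# Constructed policy; baidu.com is the service discussed in the thread.
ALLOWED_HOSTS = {"baidu.com"}

@dataclass
class Verdict:
    sid: str
    host: str
    user_agent: str
    suppressed: bool   # True when the hit is covered by policy, False = alert

def parse_request(raw: str) -> dict:
    """Parse the request line and headers of one HTTP request (CRLF or LF)."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"request_line": lines[0], "headers": headers}

def host_allowed(host: str) -> bool:
    """Exact or subdomain match against the policy list, ignoring any port."""
    host = host.lower().split(":")[0]
    return any(host == h or host.endswith("." + h) for h in ALLOWED_HOSTS)

def inspect(raw: str):
    """Return a Verdict if the rule would fire on this request, else None."""
    req = parse_request(raw)
    ua = req["headers"].get("user-agent", "")
    if not re.search(r"iexp-get", ua, re.IGNORECASE):
        return None
    host = req["headers"].get("host", "")
    return Verdict(SID, host, ua, suppressed=host_allowed(host))

# Constructed sample requests, not captured traffic.
SAMPLES = [
    "GET /img/logo.gif HTTP/1.1\r\nHost: www.baidu.com\r\nUser-Agent: iexp-get\r\n\r\n",
    "GET /update.exe HTTP/1.1\r\nHost: example.invalid\r\nUser-Agent: iexp-get\r\n\r\n",
    "GET / HTTP/1.1\r\nHost: www.baidu.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
]

if __name__ == "__main__":
    for v in filter(None, map(inspect, SAMPLES)):
        print(f"{v.sid} {'suppressed by policy' if v.suppressed else 'ALERT'} host={v.host}")
```

The second sample shows why disabling the rule outright loses something: the same agent string to a host outside the policy still alerts.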


_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org