Snort mailing list archives
Re: FP on 1:18369:2 - BLACKLIST USER-AGENT known malicious user-agent string iexp-get
From: "evilghost () packetmail net" <evilghost () packetmail net>
Date: Sun, 13 Mar 2011 18:22:30 -0500
On 03/13/11 17:58, Matt Olney wrote:
> Actually, in this case this isn't a false positive.

Thank you Matt for the clarification and explanation. In the ET case the root issue was terse string matching coupled with gratuitous nocase. It seems the VRT rule was not subjected to this oversight.

Kind Regards,
-evilghost