Snort mailing list archives
Re: Rule question.. SID 1:1000103
From: waldo kitty <wkitty42 () windstream net>
Date: Wed, 13 Mar 2013 19:40:32 -0500
On 3/13/2013 16:18, Jeremy Hoel wrote:
But there's no CVE or any other information to read about the rule.. just that it looks for Joy9m along with User-Agent. Lately this has been hitting on Joy0m in cookie data.. so I know it's a FP, but I want to find out if it can be disabled, but there not notes.. and my google-fu is failing me.
how old is the rule? that SID number looks pretty old... ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Rule question.. SID 1:1000103 Jeremy Hoel (Mar 13)
- Re: Rule question.. SID 1:1000103 waldo kitty (Mar 13)
- Re: Rule question.. SID 1:1000103 Jeremy Hoel (Mar 13)
- Re: Rule question.. SID 1:1000103 waldo kitty (Mar 13)