Snort mailing list archives
Re: Rule 37111
From: "Rodgers, Anthony (DTMB)" <RodgersA1 () michigan gov>
Date: Fri, 18 Dec 2015 19:23:59 +0000
Ditto for us.

--
Anthony Rodgers
Security Analyst
Michigan Security Operations Center (MiSOC)
DTMB, Michigan Cyber Security

From: Andre DiMino [mailto:adimino () sempersecurus org]
Sent: Friday, December 18, 2015 13:43
To: jlay () slave-tothe-box net
Cc: Snort-Sigs <snort-sigs () lists sourceforge net>
Subject: Re: [Snort-sigs] Rule 37111

Same. Seeing thousands of alerts over the past hour from legit CDNs.

On Fri, Dec 18, 2015 at 11:47 AM, James Lay <jlay () slave-tothe-box net> wrote:

This is a noisy one this AM:

alert tcp $EXTERNAL_NET $FILE_DATA_PORTS -> $HOME_NET any (msg:"FILE-FLASH Adobe Flash Player PCRE parsing out of bounds read attempt"; flow:to_client,established; flowbits:isset,file.swf; file_data; content:"RegExp"; fast_pattern:only; content:"<"; content:!">"; within:20; metadata:policy balanced-ips drop, policy security-ips drop, service ftp-data, service http, service imap, service pop3; reference:bugtraq,78710; reference:cve,2015-8418; reference:url,helpx.adobe.com/security/products/flash-player/apsb15-32.html; classtype:attempted-user; sid:37111; rev:1;)

http://pagead2.googlesyndication[.]com/osd/hbe.swf?id=0~2

James

------------------------------------------------------------------------------
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
Please visit http://blog.snort.org for the latest news about Snort!

--
Andre' M. DiMino
DeepEnd Research
http://www.deependresearch.org
http://sempersecurus.org

"Make sure that nobody pays back wrong for wrong, but always try to be kind to each other and to everyone else" - 1 Thess 5:15 (NIV)
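Added example, not part of the thread and not Snort code: a Python model of the content chain in the rule quoted above (`content:"RegExp"`, then a `<` with no `>` in the following 20 bytes), for checking a captured buffer during false-positive triage. The function names, the sample buffers, and the treatment of `file_data` as a plain byte string are assumptions of this example.

```python
# Simplified model of the content options in sid:37111 (rev 1).
# Assumptions: the file_data buffer is a plain bytes object; Snort's retry of
# a failed relative match is modelled by trying every "<" in turn; a window
# that runs past the end of the buffer is simply truncated.

WITHIN = 20  # from the rule: content:!">"; within:20;


def rule_37111_matches(buf: bytes):
    """Return the offset of the first "<" satisfying the rule, else None."""
    # content:"RegExp"; fast_pattern:only;  -> anywhere in the buffer
    if b"RegExp" not in buf:
        return None
    pos = buf.find(b"<")  # content:"<";
    while pos != -1:
        window = buf[pos + 1 : pos + 1 + WITHIN]
        if b">" not in window:  # content:!">"; within:20;
            return pos
        pos = buf.find(b"<", pos + 1)
    return None


def triage(samples):
    """Map each sample name to the matching offset (None = rule stays quiet)."""
    return {name: rule_37111_matches(data) for name, data in samples.items()}


# Constructed sample buffers (not taken from any real SWF or from the thread).
SAMPLES = {
    # every "<" is closed by ">" within 20 bytes
    "closed_tags": b"new RegExp('<b>x</b>')",
    # an ordinary less-than comparison next to a RegExp reference
    "less_than_compare": b"RegExp; if (i < n) { i++; } padding padding",
    # a single 0x3c byte inside binary data
    "binary_0x3c": b"RegExp" + b"\x00" * 8 + b"\x3c" + bytes(range(0x40, 0x60)),
    # same comparison, but the buffer never mentions RegExp
    "no_regexp": b"if (i < n) { i++; }",
}

if __name__ == "__main__":
    for name, offset in triage(SAMPLES).items():
        print(f"{name:20s} {'ALERT at offset %d' % offset if offset is not None else 'no match'}")
```
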
Current thread:
- Rule 37111 James Lay (Dec 18)
- Re: Rule 37111 Andre DiMino (Dec 18)
- Re: Rule 37111 Rodgers, Anthony (DTMB) (Dec 18)
- Re: Rule 37111 Geoffrey Serrao (Dec 18)
- Re: Rule 37111 Nick Randolph (Dec 18)
- Re: Rule 37111 James Lay (Dec 18)
- Re: Rule 37111 Andre DiMino (Dec 18)