Snort mailing list archives
Re: false positive FYI
From: "Al Lewis \(allewi\) via Snort-sigs" <snort-sigs () lists snort org>
Date: Thu, 7 Dec 2017 19:59:55 +0000
Hello, Can you send a sample of the traffic? Thanks. Albert Lewis ENGINEER.SOFTWARE ENGINEERING SOURCEfire, Inc. now part of Cisco Email: allewi () cisco com<mailto:allewi () cisco com> From: Snort-sigs <snort-sigs-bounces () lists snort org<mailto:snort-sigs-bounces () lists snort org>> on behalf of Daniel Schreiber <scrober () outlook de<mailto:scrober () outlook de>> Date: Thursday, December 7, 2017 at 2:45 PM To: "snort-sigs () lists snort org<mailto:snort-sigs () lists snort org>" <snort-sigs () lists snort org<mailto:snort-sigs () lists snort org>> Subject: [Snort-sigs] false positive FYI Hello, these Rule here: 119:33 (http_inspect) UNESCAPED SPACE IN HTTP URI Cause some false positve on my setup. it blocks Apple Facetime server IPs and steam akamaitechnologies IPs that seems to reffer to the Steam Network. Greetings
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- false positive FYI Daniel Schreiber (Dec 07)
- <Possible follow-ups>
- Re: false positive FYI Al Lewis (allewi) via Snort-sigs (Dec 07)