Snort mailing list archives

Previous By Date Next
Previous By Thread Next

SID 1221 - musicat empower access

From: Guise McAllaster <guise.mcallaster () gmail com>
Date: Tue, 22 Dec 2009 15:01:45 +0000
Please let me bring our attention to SID 1221 - musicat empower access.
This detects attempted access that results in a path disclosure.  It is also
from 2001.  A few things to note.  From what I can tell, it is not "musicat"
but "muscat".  Next, the rule only looks for uricontent:"empower".    Seems
a little simple, even for VRT.  What about doing a little more to reduce the
false positive?  How about uricontent:"empower?"  or
uricontent:"empower?DB="

Just some thoughts.  As for me, I'm suppressing it since I don't run it and
this rule is old like bottom posting.

Cheers,

Guise

------------------------------------------------------------------------------
This SF.Net email is sponsored by the Verizon Developer Community
Take advantage of Verizon's best-in-class app development support
A streamlined, 14 day to market process makes app distribution fast and easy
Join now and get one step closer to millions of Verizon customers
http://p.sf.net/sfu/verizon-dev2dev 
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: