Snort mailing list archives
SID 1221 - musicat empower access
From: Guise McAllaster <guise.mcallaster () gmail com>
Date: Tue, 22 Dec 2009 15:01:45 +0000
Please let me bring our attention to SID 1221 - musicat empower access. This detects attempted access that results in a path disclosure. It is also from 2001. A few things to note. From what I can tell, it is not "musicat" but "muscat". Next, the rule only looks for uricontent:"empower". Seems a little simple, even for VRT. What about doing a little more to reduce the false positive? How about uricontent:"empower?" or uricontent:"empower?DB=" Just some thoughts. As for me, I'm suppressing it since I don't run it and this rule is old like bottom posting. Cheers, Guise
------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- SID 1221 - musicat empower access Guise McAllaster (Dec 22)
- Re: SID 1221 - musicat empower access Matt Olney (Dec 22)
- Re: SID 1221 - musicat empower access Matt Olney (Dec 22)
- Re: SID 1221 - musicat empower access Guise McAllaster (Dec 22)
- Re: SID 1221 - musicat empower access Matt Olney (Dec 22)
- Re: SID 1221 - musicat empower access Matt Olney (Dec 22)
- Re: SID 1221 - musicat empower access Matt Olney (Dec 22)