Snort mailing list archives

interesting problem...


From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 24 Sep 2010 14:22:20 -0400


i've been working on adjusting my environment to use the VRT published 
snort.conf for 2.8.6.1... i'm in the process of live testing and trying to 
figure out why some things are being alerted on... one of those is


3:13974:2 WEB-CLIENT Internet Explorer XHTML element memory corruption attempt


several things:
1. at least i know that my SO rules are working because this is a GID:3 rule :)

2. this rule is being triggered at the following URL

     http://forums.snort.org/posts?amp%3Bq=&page=7

3. we do not use IE for browsing


so why is this rule being triggered on the snort.org forums?? when i whitelist 
that IP, i can get there and read the messages quite easily... is something 
broken on the forum or is there possibly some advertising stuff there that's 
coming in that i'm not seeing because of my ad and script blocking??




