Snort mailing list archives
Rule 17494
From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Fri, 1 Oct 2010 13:08:23 -0600
Anyone else notice this rule, 17494 triggering a lot today? Or is it just me... it's an old vulnerability from 2006. alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"WEB-CLIENT Microsoft Internet Explorer Long URL Buffer Overflow attempt"; flow:established,to_server; urilen:>260; content:"GET"; http_method; content:"HTTP|2F|1|2E|1|0D 0A|"; metadata:service http; reference:bugtraq,19667; reference:cve,2006-3869; classtype:attempted-user; sid:17494; rev:1;) -- Shawn Jefferson, IT Security, GCIH, GCFA British Columbia Ferry Services Inc. Tel: (250) 978-1508 Fax: (250) 405-3533 Shawn.Jefferson () bcferries com<mailto:Shawn.Jefferson () bcferries com> | www.bcferries.com<http://www.bcferries.com>
------------------------------------------------------------------------------ Start uncovering the many advantages of virtual appliances and start using them to simplify application deployment and accelerate your shift to cloud computing. http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Rule 17494 Jefferson, Shawn (Oct 01)
- Re: Rule 17494 Tomas Heredia (Oct 01)
- Re: Rule 17494 Joel Esler (Oct 01)
- Re: Rule 17494 Jeff Kell (Oct 01)
- Re: Rule 17494 waldo kitty (Oct 01)
- Re: Rule 17494 Jefferson, Shawn (Oct 01)
- Re: Rule 17494 JJC (Oct 01)
- Re: Rule 17494 waldo kitty (Oct 01)
- Re: Rule 17494 JJC (Oct 01)
- Re: Rule 17494 Tomas Heredia (Oct 01)
- Re: Rule 17494 infosec posts (Oct 01)
- Re: Rule 17494 Joel Esler (Oct 01)