Snort mailing list archives

Re: FP on 5803


From: Alex Kirk <akirk () sourcefire com>
Date: Thu, 17 Feb 2011 14:34:44 -0500

Looks like it's "sort of" legit in that you were visiting a page affiliated
with the Myway.com people, but given that we have User-Agent based rules for
this toolbar as well, and that your U-A looks normal here, the rule is
misidentifying whether or not you have the toolbar installed (which would
have been the original point of the rule).

Since the U-A stuff should work better anyway, we'll just delete this rule.

On Thu, Feb 17, 2011 at 1:51 PM, Weir, Jason <jason.weir () nhrs org> wrote:

Triggers just visiting this url

http://apnews.myway.com/article/20110217/D9LEGDMG0.html


GET /images/nocache/tr/gca/m.gif?rand=473750261&a=excite_myway_default_js&u=http%3A//apnews.myway.com/article/20110217/D9LEGDMG0.html&r=-1&w=5&k=&v=&g=&s=&h= HTTP/1.1
Host: imgfarm.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://apnews.myway.com/article/20110217/D9LEGDMG0.html

-J




------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org




-- 
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk () sourcefire com
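
The false positive discussed in this thread, as an added example (not code from either poster and not taken from the Snort rule set): the request Jason posted, abridged, is run through a destination/URI check and a User-Agent check. The thread does not show what rule 5803 matched on, so both checks and the `EXAMPLE-TOOLBAR-TOKEN` placeholder are assumptions.

```python
# Added example: constructed detectors, not rule 5803 or any Sourcefire rule.
RAW_REQUEST = (  # request from the thread, Accept-* headers omitted
    "GET /images/nocache/tr/gca/m.gif?rand=473750261&a=excite_myway_default_js"
    "&u=http%3A//apnews.myway.com/article/20110217/D9LEGDMG0.html"
    "&r=-1&w=5&k=&v=&g=&s=&h= HTTP/1.1\r\n"
    "Host: imgfarm.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) "
    "Gecko/20101203 Firefox/3.6.13\r\n"
    "Referer: http://apnews.myway.com/article/20110217/D9LEGDMG0.html\r\n"
    "\r\n"
)

# Placeholder: the toolbar's real User-Agent token is not given in the thread.
TOOLBAR_UA_TOKEN = "EXAMPLE-TOOLBAR-TOKEN"


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, uri, lower-cased headers)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, uri, headers


def traffic_artifact_match(uri, headers):
    """Assumed destination/URI signature: fires for any client that fetches
    the beacon image, including a browser that only rendered a portal page."""
    return headers.get("host", "").lower() == "imgfarm.com" and "myway" in uri.lower()


def user_agent_match(headers, token=TOOLBAR_UA_TOKEN):
    """Client-identity signature: fires only if the client announces the toolbar."""
    return token.lower() in headers.get("user-agent", "").lower()


def classify(raw):
    """Combine both checks so a beacon fetch alone is not reported as the toolbar."""
    _method, uri, headers = parse_request(raw)
    if user_agent_match(headers):
        return "toolbar client"
    if traffic_artifact_match(uri, headers):
        return "page-embedded beacon (no toolbar evidence)"
    return "no match"
```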