Snort mailing list archives
Re: FP on 5803
From: Alex Kirk <akirk () sourcefire com>
Date: Thu, 17 Feb 2011 14:34:44 -0500
Looks like it's "sort of" legit in that you were visiting a page affiliated with the Myway.com people, but given that we have User-Agent based rules for this toolbar as well, and that your U-A looks normal here, the rule is misidentifying whether or not you have the toolbar installed (which would have been the original point of the rule). Since the U-A stuff should work better anyway, we'll just delete this rule.

On Thu, Feb 17, 2011 at 1:51 PM, Weir, Jason <jason.weir () nhrs org> wrote:
Triggers just visiting this url

http://apnews.myway.com/article/20110217/D9LEGDMG0.html

GET /images/nocache/tr/gca/m.gif?rand=473750261&a=excite_myway_default_js&u=http%3A//apnews.myway.com/article/20110217/D9LEGDMG0.html&r=-1&w=5&k=&v=&g=&s=&h= HTTP/1.1
Host: imgfarm.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://apnews.myway.com/article/20110217/D9LEGDMG0.html

-J

_____________________________________________________________________________________________
Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
--
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk () sourcefire com
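The distinction drawn in the reply above (a request that only shows a Myway-affiliated page was visited, versus a User-Agent that shows the toolbar is installed), as an added example that is not part of the thread and is not Sourcefire's rule logic. The thread does not show the content of rule 5803 or of the User-Agent rules, so the URI pattern and the toolbar token below are assumptions made for illustration.

```python
# Added illustration: not Snort rule 5803 and not Sourcefire code.
import re

# Request as reported in the thread (GET line rejoined, Accept-* headers omitted).
REPORTED = (
    "GET /images/nocache/tr/gca/m.gif?rand=473750261&a=excite_myway_default_js"
    "&u=http%3A//apnews.myway.com/article/20110217/D9LEGDMG0.html"
    "&r=-1&w=5&k=&v=&g=&s=&h= HTTP/1.1\r\n"
    "Host: imgfarm.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) "
    "Gecko/20101203 Firefox/3.6.13\r\n"
    "Referer: http://apnews.myway.com/article/20110217/D9LEGDMG0.html\r\n\r\n"
)

# Assumptions: the thread shows neither rule's content.
URI_PATTERN = re.compile(r"[?&]a=[^&\s]*myway", re.I)  # hypothetical URI-style match
TOOLBAR_UA_TOKEN = "EXAMPLE-TOOLBAR-TOKEN"             # placeholder, not a real U-A token


def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, uri, headers); header names lower-cased."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    method, uri, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # first colon only, so URLs in values survive
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, uri, headers


def classify(raw):
    """Weigh site-traffic evidence (URI) against client-software evidence (User-Agent)."""
    _method, uri, headers = parse_request(raw)
    uri_hit = bool(URI_PATTERN.search(uri))
    ua_hit = TOOLBAR_UA_TOKEN.lower() in headers.get("user-agent", "").lower()
    if ua_hit:
        return "toolbar-client"    # the client itself announces the toolbar
    if uri_hit:
        return "site-visit-only"   # page resource fetched by an ordinary browser
    return "no-match"


if __name__ == "__main__":
    print(classify(REPORTED))
```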