Snort mailing list archives

Rule 19253


From: "Lay, James" <james.lay () wincofoods com>
Date: Wed, 15 Jun 2011 08:12:09 -0600

Yowza...this thing fires CONSTANTLY:

06/15-08:08:12.474932  [**] [1:19253:1] WEB-CLIENT Adobe Reader malicious language.engtesselate.ln file download attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 65.55.87.88:80 -> int.ip:18960

[08:10:18 ids:~/snort$] sudo grep language.engtesselate.l ~/internetalert.fast -c
235

That's in 10 minutes...crazy.

Suppressed and restarted...eww

James

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
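
Added example (not part of the original post and not Snort project code): a way to measure how fast each rule fires in an alert_fast log and to emit a candidate suppress line, scoped to a single source when one host accounts for every hit. The 5-per-minute threshold, the sample log, its documentation-range addresses and SID 1000001 are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

FAST_RE = re.compile(
    r"^(\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[(\d+):(\d+):\d+\]\s+(.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->"
)

def parse_fast(text):
    """Yield (ts, gid, sid, msg, src_ip) per alert_fast line (one alert per line, no year)."""
    for line in text.splitlines():
        m = FAST_RE.match(line)
        if m:
            # Placeholder leap year so 02/29 parses; only time differences are used.
            ts = datetime.strptime("2000/" + m.group(1), "%Y/%m/%d-%H:%M:%S")
            yield ts, int(m.group(2)), int(m.group(3)), m.group(4), m.group(5)

def noisy_rules(text, per_minute=5.0):
    """Return suppress candidates for rules firing at or above per_minute."""
    times, sources = defaultdict(list), defaultdict(Counter)
    for ts, gid, sid, _msg, src in parse_fast(text):
        times[(gid, sid)].append(ts)
        sources[(gid, sid)][src] += 1
    out = []
    for (gid, sid), stamps in times.items():
        # Treat anything shorter than a minute as one minute to avoid dividing by zero.
        minutes = max((max(stamps) - min(stamps)).total_seconds() / 60, 1.0)
        rate = len(stamps) / minutes
        if rate < per_minute:
            continue
        line = f"suppress gen_id {gid}, sig_id {sid}"
        top_src, hits = sources[(gid, sid)].most_common(1)[0]
        if hits == len(stamps):  # one source explains every alert: scope the suppression
            line += f", track by_src, ip {top_src}"
        out.append({"sid": sid, "count": len(stamps), "rate": round(rate, 1), "suppress": line})
    return sorted(out, key=lambda r: r["rate"], reverse=True)

# Constructed sample: 12 hits on SID 19253 in under 2 minutes, one hit on a made-up SID.
SAMPLE = "\n".join(
    [f"06/15-08:0{8 + i // 6}:{(i % 6) * 10:02d}.474932  [**] [1:19253:1] WEB-CLIENT Adobe Reader "
     "malicious language.engtesselate.ln file download attempt [**] "
     "[Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} "
     f"192.0.2.10:80 -> 10.0.0.{5 + i % 3}:18960" for i in range(12)]
    + ["06/15-08:09:30.000001  [**] [1:1000001:1] constructed quiet rule [**] "
       "[Priority: 3] {TCP} 198.51.100.7:443 -> 10.0.0.5:40000"]
)

if __name__ == "__main__":
    print("\n".join(r["suppress"] for r in noisy_rules(SAMPLE)))
```

A source-scoped suppress line keeps the rule active for every other host, which a blanket suppression of the SID does not.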
