Snort mailing list archives
[Snort-Sigs] sid 17903 possible FP
From: matan monitz <mmonitz () gmail com>
Date: Wed, 17 Aug 2011 20:11:09 +0300
hello after seeing hits on this sig we started investigating a bit the request are for domains on *.eyeviewdigital.com which seems to be a legitimate ad compeny originating from www.play65.com which apears to be a legitmate gambling site digging deeper i was surprised to find out that play65 was actually part of the sig what made you classify this as *"BLACKLIST URI request for known malicious URI - stid="*? or are you just missing the "!" on the content keyword for play65? <http://www.snort.org/search/sid/17903>
------------------------------------------------------------------------------ Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- [Snort-Sigs] sid 17903 possible FP matan monitz (Aug 17)
- Re: [Snort-Sigs] sid 17903 possible FP Alex Kirk (Aug 17)