Snort mailing list archives

[Snort-Sigs] sid 17903 possible FP

From: matan monitz <mmonitz () gmail com>
Date: Wed, 17 Aug 2011 20:11:09 +0300

hello
after seeing hits on this sig we started investigating a bit
the request are for domains on *.eyeviewdigital.com which seems to be a
legitimate ad compeny originating from
www.play65.com which apears to be a legitmate gambling site
digging deeper i was surprised to find out that play65 was actually part of
the sig
what made you classify this as *"BLACKLIST URI request for known malicious
URI - stid="*?
or are you just missing the "!" on the content keyword for play65?


<http://www.snort.org/search/sid/17903>

------------------------------------------------------------------------------
Get a FREE DOWNLOAD! and learn more about uberSVN rich system, 
user administration capabilities and model configuration. Take 
the hassle out of deploying and managing Subversion and the 
tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!

Current thread:

[Snort-Sigs] sid 17903 possible FP matan monitz (Aug 17)
- Re: [Snort-Sigs] sid 17903 possible FP Alex Kirk (Aug 17)