Netflix

[Paul Cable <pcable () ebmky com>]

I am running Snort through the Alienvault Community edition.

We have a guy that likes to watch Netflix and use his Slingbox here. I'm not a big fan, but it hasn't affected our 
internet connection speeds so I can't really complain if it doesn't hurt his production.

The problem is Netflix produces a lot of:

snort: "WEB-CLIENT Mozilla multiple content-type headers malicious redirect attempt"

First comes one:

snort: "ET POLICY Netflix Streaming Player Access"

Followed by a very large amount of the malicious redirect attempt messages. I started up a video and let it play for 
about 3 minutes and it generated 50-100 of these events. IE and Firefox.

I can suppress them on my end, but it would be nice to have them as part of the definitions say they are Netflix 
related, since I don't think they should be considered malicious.

Then when I do get a malicious redirect attempt I won't think it's just Netflix.

I can provide more information or a pcap file if anyone needs more info.

Thanks,
PC



------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!