Snort mailing list archives

Re: Adobe Flash outdated


From: Paul Cable <pcable () ebmky com>
Date: Wed, 22 Aug 2012 04:32:23 +0000

No need to apologize. I'm very happy to confirm it isn't something wrong with my configuration.

It would be nice if these Snort warnings could be used, but Spiceworks can tell me the same thing, so it isn't a big problem.

Thanks for checking for me,
PC




________________________________________
From: Castle, Shane [scastle () bouldercounty org]
Sent: Tuesday, August 21, 2012 6:13 PM
To: Paul Cable; snort-users () lists sourceforge net
Subject: RE: Adobe Flash outdated

Well, some research shows that you are right, and that I have disabled these rules in my ruleset, because the rules 
just can't keep up (and for other reasons I won't go into).

Sigh. Sorry about that. If you are certain that your flash is up to date then I suggest you disable the rule too.

--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH


-----Original Message-----
From: Paul Cable [mailto:pcable () ebmky com]
Sent: Tuesday, August 21, 2012 10:07
To: Castle, Shane; snort-users () lists sourceforge net
Subject: RE: Adobe Flash outdated

Here is the payload from a flash advert.

GET /res/2206/40305/39242.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://usadmm.dotomi.com/dmm/servlet/dmm?pid=5533&dres=iframe&mtg=0&ms=11&btg=1&mp=1&rwidth=300&rheight=250&pp=712&cg=2035&rurl=http%3A//ads
x-flash-version: 11,3,300,271
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: usweb.dotomi.com
Connection: Keep-Alive


And according to Adobe's website:
http://www.adobe.com/software/flash/about/
Newest version is 11.3.300.271

I'm getting this message from multiple machines in my office of about 20 clients. Just counting today, 15 different systems have spawned this message.




-----Original Message-----
From: Castle, Shane [mailto:scastle () bouldercounty org]
Sent: Tuesday, August 21, 2012 11:07 AM
To: Paul Cable; snort-users () lists sourceforge net
Subject: RE: Adobe Flash outdated

It's probably a TP, and it refers to the installation of Flash that an IE browser is using. Auto-update doesn't always 
seem to work, and if the Flash installation is old enough, it isn't there.

In fact, I'd go so far as to say that Adobe's auto-update is broken. Try downloading and running Secunia PSI on a 
couple of those systems and see what it tells you.

--
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH

-----Original Message-----
From: Paul Cable [mailto:pcable () ebmky com]
Sent: Tuesday, August 21, 2012 08:51
To: snort-users () lists sourceforge net
Subject: [Snort-users] Adobe Flash outdated

I have Adobe Flash set to auto-update on all of my client machines, but I am still getting massive amounts of:



snort: "ET POLICY Outdated Windows Flash Version IE"



Is this telling me the Adobe Flash version running on the website they are visiting is out of date or is it a false positive?



Thanks,

PC
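
Added example, not part of the thread and not the Emerging Threats rule itself: a triage check for this alert that reads the x-flash-version header from the request posted above and compares it with the release number Adobe publishes. The function names and result labels are assumptions; the header values and the version number are the ones quoted in the thread.

```python
import re

# Request headers as posted in the thread (Referer left out; it is truncated there).
CAPTURED_REQUEST = (
    "GET /res/2206/40305/39242.swf HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "x-flash-version: 11,3,300,271\r\n"
    "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)\r\n"
    "Host: usweb.dotomi.com\r\n"
    "\r\n"
)

def parse_version(text):
    """Turn '11,3,300,271' or '11.3.300.271' into a comparable tuple."""
    parts = re.split(r"[.,]", text.strip())
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def flash_version_from_request(raw):
    """Return the x-flash-version header as a tuple, or None if absent."""
    for line in raw.split("\r\n")[1:]:  # skip the request line
        if not line:
            break  # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "x-flash-version":
            return parse_version(value)
    return None

def triage(raw, current_release):
    """Classify an 'outdated Flash' alert against the vendor's current release."""
    seen = flash_version_from_request(raw)
    if seen is None:
        return "no-version-header"
    if seen < parse_version(current_release):
        return "outdated-client"
    # Client matches or exceeds the vendor release: the alert's baseline lags.
    return "client-current-rule-stale"

if __name__ == "__main__":
    # 11.3.300.271 is the newest version quoted from Adobe's page in the thread.
    print(triage(CAPTURED_REQUEST, "11.3.300.271"))
```
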

