Snort mailing list archives

Re: Snort Alert[1:16482:8]


From: "Michael Steele" <michaels () winsnort com>
Date: Tue, 26 Mar 2013 12:44:53 -0400

Is it possible users could be spoofing their x browser to appear to be IE?

Best regards,
Michael...

WINSNORT.com Management Team Member
--
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *
*********************************************************

-----Original Message-----
From: Castle, Shane [mailto:scastle () bouldercounty org] 
Sent: Tuesday, March 26, 2013 12:32 PM
To: 'Kee, Scott'; 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] Snort Alert[1:16482:8]

The info I have suggests that this rule has a very low or zero FP rate,
indicating that you are mistaken and that there are really some IE 6 and 7
browsers on your net. I'd suggest following up on the IP addresses to see
what is going on.

Of course, it's possible that the alerts are being generated from browsers
outside your network if you do not have $EXTERNAL_NET and $HOME_NET set up
properly.

-- 
Shane Castle
Data Security Mgr, Boulder County IT


-----Original Message-----
From: Kee, Scott [mailto:Scott.Kee () kellwood com] 
Sent: Tuesday, March 26, 2013 08:38
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort Alert[1:16482:8]

I recently installed Snort on my Ubuntu machine. I am receiving a lot of
16482:8 alerts. It is a Microsoft IE 6 and 7 vulnerability alert.

I don't have any users who are using IE 6 or 7. What is triggering this
alert? Is this safe to ignore?

Thanks

Scott


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!
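
Added example, not part of the thread and not Snort's own code: one way to follow up on the addresses behind the 1:16482 alerts, as suggested in the reply above, and to spot alerts where neither endpoint lies inside the monitored network, which points at the $HOME_NET / $EXTERNAL_NET settings. The HOME_NET value, the sample alert lines and the function names are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the site's HOME_NET; replace with the value from snort.conf.
HOME_NET = [ipaddress.ip_network("192.168.10.0/24")]

# Snort "fast" alert line: [gid:sid:rev] msg ... {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
    r"\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
)

# Constructed sample lines (documentation address ranges, placeholder msg text).
SAMPLE = """\
03/26-08:31:02.100000  [**] [1:16482:8] placeholder msg [**] [Priority: 1] {TCP} 203.0.113.7:80 -> 192.168.10.21:50112
03/26-08:31:09.200000  [**] [1:16482:8] placeholder msg [**] [Priority: 1] {TCP} 203.0.113.7:80 -> 192.168.10.21:50113
03/26-08:32:44.300000  [**] [1:16482:8] placeholder msg [**] [Priority: 1] {TCP} 198.51.100.9:80 -> 192.168.10.35:49877
03/26-08:33:10.400000  [**] [1:16482:8] placeholder msg [**] [Priority: 1] {TCP} 198.51.100.9:80 -> 203.0.113.50:41000
03/26-08:34:00.500000  [**] [1:2000001:1] other rule [**] [Priority: 3] {TCP} 192.168.10.21:50200 -> 203.0.113.7:443
"""

def in_home(ip):
    """True if the address falls inside any HOME_NET network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in HOME_NET)

def triage(lines, gid=1, sid=16482):
    """Return (alert count per internal host, alerts with no endpoint in HOME_NET)."""
    per_host, outside = Counter(), []
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or (int(m["gid"]), int(m["sid"])) != (gid, sid):
            continue  # unparsable line or a different rule
        internal = [ip for ip in (m["src"], m["dst"]) if in_home(ip)]
        if internal:
            per_host.update(internal)
        else:
            outside.append((m["src"], m["dst"]))
    return per_host, outside

if __name__ == "__main__":
    hosts, outside = triage(SAMPLE.splitlines())
    for ip, n in hosts.most_common():
        print(f"{ip}: {n} alert(s), check which browser this host runs")
    for src, dst in outside:
        print(f"{src} -> {dst}: neither side in HOME_NET, review $HOME_NET/$EXTERNAL_NET")
```
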


