Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort Alert[1:16482:8]

From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 26 Mar 2013 11:08:54 -0600
-----Original Message-----
From: Kee, Scott [mailto:Scott.Kee () kellwood com]
Sent: Tuesday, March 26, 2013 08:38
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort Alert[1:16482:8]

I recently installed Snort on my Ubuntu machine.    I am receiving a 
lot of
16482:8 alerts.  It is Microsoft ie 6 and 7 vulnerability alert.

I don't have any users who are on using IE 6 or 7.  What is 
triggering this
alert?  Is this safe to ignore?



Thanks



Keep in mind that we are targeting the vulnerability.  As such, the 
server could be responding with possible vulnerable code relevant to IE, 
and this rule doesn't check User Agent.  If you're not running any IE in 
your environment, you may want to consider commenting out the 
browser-ie.rules.  Hope that helps.

James

------------------------------------------------------------------------------
Own the Future-Intel&reg; Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest.
Compete for recognition, cash, and the chance to get your game 
on Steam. $5K grand prize plus 10 genre and skill prizes. 
Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: