Snort mailing list archives

Re: False Positive on VRT 28039


From: Jeremy Hoel <jthoel () gmail com>
Date: Tue, 26 Nov 2013 21:19:51 -0700

I was fiddling around with it trying to have it !content for u.pw,
still working on that. The category is fine, I just wondered if there
was a desire to filter the known site.

On Tue, Nov 26, 2013 at 9:04 PM, Joel Esler (jesler) <jesler () cisco com> wrote:
Maybe indicator-compromise is the wrong category.

--
Joel Esler
Intelligence Lead
Open Source Manager
Vulnerability Research Team

On Nov 26, 2013, at 19:39, "Jeremy Hoel" <jthoel () gmail com> wrote:

Rule is looking for .pw as indicator of compromise; however, Upworthy
bought u.pw as a URL shortener. Maybe modify the rule to exclude that
domain?

http://www.thedomains.com/2013/06/03/upworthy-com-buys-u-pw-as-url-shortener/

------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
