Snort mailing list archives
FILE-IDENTIFY FON font file download request (1:20269)
From: "Rodgers, Anthony (DTMB)" <RodgersA1 () michigan gov>
Date: Mon, 11 May 2015 11:43:17 +0000
Perhaps we should negate geo.kaspersky.com for this sig? It fires every morning for a host on our network that updates its AV sigs: GET /diffs/bases/wmuf/wmuf0005.dat.fon HTTP/1.0 Host: dnl-11.geo.kaspersky.com Pragma: no-cache Cache-Control: no-cache Connection: keep-alive User-Agent: liByyC5fj_zqmQyr3w_1hp05wkkxu56lll-9u4uBVANMTAuMS4yNDk= -- Anthony Rodgers Security Analyst Michigan Security Operations Center (MiSOC) DTMB, Michigan Cyber Security
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- FILE-IDENTIFY FON font file download request (1:20269) Rodgers, Anthony (DTMB) (May 11)
- Re: FILE-IDENTIFY FON font file download request (1:20269) Alex McDonnell (May 11)
- Re: FILE-IDENTIFY FON font file download request (1:20269) Rodgers, Anthony (DTMB) (May 11)
- Re: FILE-IDENTIFY FON font file download request (1:20269) Alex McDonnell (May 11)