Snort mailing list archives

Previous By Date Next
Previous By Thread Next

lots of false positives, Neutrino

From: <Grant.Sims () rksolutions com>
Date: Fri, 23 Oct 2015 17:32:58 +0000
I was looking at my snort alerts on SecurityOnion today and noticed a TON of alerts for "EXPLOIT-KIT Neutrino exploit 
kit landing page detected" (rule screenshot is attached)



looking at the rules for the past two years I have not seen many false positives on exploit kit landing pages. however 
this seem to be coming in for a wide range of users and a wide range of sites (everything from dell to evite to bing 
domains)



Just curious  if other people out there are experiencing this. with how wide range it is and no other rules indicating 
compromise i believe it is a false positive however with the current uptick in Neutrino exploit kits in the wild I 
thought i would submit something here.





Thanks!

Grant



------------------------------------------------------------------------------

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: