Snort mailing list archives

Re: false positive FYI


From: "Al Lewis (allewi) via Snort-sigs" <snort-sigs () lists snort org>
Date: Thu, 7 Dec 2017 19:59:55 +0000

Hello,

Can you send a sample of the traffic?

Thanks.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Snort-sigs <snort-sigs-bounces () lists snort org> on behalf of Daniel Schreiber <scrober () outlook de>
Date: Thursday, December 7, 2017 at 2:45 PM
To: "snort-sigs () lists snort org" <snort-sigs () lists snort org>
Subject: [Snort-sigs] false positive FYI

Hello,

This rule here:
119:33 (http_inspect) UNESCAPED SPACE IN HTTP URI

causes some false positives on my setup.

It blocks Apple FaceTime server IPs and Steam akamaitechnologies IPs that seem to refer to the Steam Network.

Greetings


