Snort mailing list archives
1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt
From: Steve Thames via Snort-sigs <snort-sigs () lists snort org>
Date: Wed, 27 Jun 2018 11:17:11 -0700
In my pfSense Snort IDS/IPS, I am seeing an increasing number of these alerts from customer network IPs. These are large orgs with, potentially, hundreds of clients NATed to a single public IP. This a very old threat and I'm reasonably sure the clients are not using a 10-year-old version of Mozilla, Thunderbird, SeaMonkey, or Java to access our web servers. Can someone shed some light on why we would be seeing an increasing number of these alerts? Thanks.
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- 1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt Steve Thames via Snort-sigs (Jun 28)
- Re: 1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt Y M via Snort-sigs (Jun 28)
- Re: 1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt wkitty42--- via Snort-sigs (Jun 28)
- Re: 1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt Steve Thames via Snort-sigs (Jun 28)
- Re: 1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt Y M via Snort-sigs (Jun 29)
- Re: 1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt Steve Thames via Snort-sigs (Jun 29)
- Re: 1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt Y M via Snort-sigs (Jun 28)
- <Possible follow-ups>
- 1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt Steve Thames via Snort-sigs (Jun 29)