[Snort-sigs] Re: bleedingsnort PNG rule 2001203 FP?

Federico Petronio petrus at ...2312...
Tue Aug 24 08:45:02 EDT 2004

Federico Petronio wrote:

> I found that, if I surf in MySQL site:
> the rule 2001203 generate alerts (5 for each full refresh). After 
> looking the source, I found only 3 pngs in the page, and none of those 
> triggers the rule by itself, but the all page does. I really don't 
> understand why this happens. Anyone could explains this?

Ok, finally with help of tcpdump I found the PNG that triggers the rule, 
  the URL is:

This PNG triggers the rule 2001203, in my previus mail are the payload 

                                         Federico Petronio
                                         petrus at ...2312...

More information about the Snort-sigs mailing list