[Snort-sigs] False +ves on WEB-CLIENT HTML http scheme hostname overflow attempt 3550

Russell Fulton r.fulton at ...575...
Tue Aug 30 22:00:05 EDT 2005


I'm seeing hundreds of hits on this rule where there are more
than 255 chars following 'http://' with no blanks or spaces.

Russell

HTTP/1.1 302 Found..P3P: policyref="http://www.googleadservi
ces.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR
 OTR IND OTC"..Location: http://www.googleadservices.com/pag
ead/adclick?adurl=http://www.nzlocums.com&sa=L&ai=BHY04OOMTQ  <===
-z-MYr-LMCO9b4Ip5qhCM2Auu4BwI23AeDkURABGAEgkMqPA0D6E0iGOVC0o
oSG-f____8BmAGcSqAB2dPE_gOyARR3d3cuc3RhcnJlcHVibGljLm9yZ7oBC
TcyOHg5MF9hc8gBAdoBRmh0dHA6Ly93d3cuc3RhcnJlcHVibGljLm9yZy9lb
mN5Y2xvcGVkaWEvd2lraXBlZGlhL2kvaW1wYWN0LzIwMDNmLmh0bWw&num=1
&client=ca-pub-3744238248221118&nb=1&jca=1366..Content-Type: ===>
 text/html; charset=ISO-8859-1..Server: CAFE/1.0..Content-Le
ngth: 0..Date: Tue, 30 Aug 2005 04:40:36 GMT....




More information about the Snort-sigs mailing list