[Snort-sigs] AOL and SID2570

mdpeters michael.peters at ...2994...
Thu Feb 10 08:42:29 EST 2005


Does anyone have experience with the AOL client browser tripping this rule?

(msg:"WEB-MISC Invalid HTTP Version String"; flow:to_server,established; 
content:"HTTP/"; nocase; isdataat:6,relative; content:!"|0A|"; within:5; 
reference:bugtraq,9809; reference:nessus,11593; 
classtype:non-standard-protocol; sid:2570; rev:7;)

Bleeding edge rules have remained the same for this SID. I am not sure if 
there is anything that can be tweaked to make it work rather than just 
turning it completely off.

Best regards,

Michael 





More information about the Snort-sigs mailing list