[Snort-sigs] AOL and SID2570
michael.peters at ...2994...
Thu Feb 10 08:42:29 EST 2005
Does anyone have experience with the AOL client browser tripping this rule?
(msg:"WEB-MISC Invalid HTTP Version String"; flow:to_server,established;
content:"HTTP/"; nocase; isdataat:6,relative; content:!"|0A|"; within:5;
classtype:non-standard-protocol; sid:2570; rev:7;)
Bleeding edge rules have remained the same for this SID. I am not sure if
there is anything that can be tweaked to make it work rather than just
turning it completely off.
More information about the Snort-sigs