[Snort-sigs] FP on 17468

Weir, Jason jason.weir at ...3410...
Thu Nov 4 09:02:02 EDT 2010


I'm running rev:1

Again I request the current revision # be posted on the sig page

http://www.snort.org/search/sid/1-17468 - it would reduce this kind of
traffic..

-J

> -----Original Message-----
> From: rmkml [mailto:rmkml at ...174...] 
> Sent: Wednesday, November 03, 2010 4:34 PM
> To: Weir, Jason
> Cc: snort-sigs at lists.sourceforge.net; rmkml at ...174...
> Subject: Re: [Snort-sigs] FP on 17468
> 
> 
> Hi Jason,
> What revision you use please?
> Because two revision exist for this rule.
> Regards
> Rmkml
> 
> 
> On Wed, 3 Nov 2010, Weir, Jason wrote:
> 
> > Looks like normal websidestory\Omniture\Adobe web tracking content..
> >
> > -J
> >
> >
> > HTTP/1.1 200 OK
> > Date: Tue, 02 Nov 2010 15:58:04 GMT
> > Server: Apache/2.0.52
> > Last-Modified: Tue, 06 Jul 2010 23:56:28 GMT
> > ETag: "157c376-36b7-cd350300"
> > Accept-Ranges: bytes
> > Keep-Alive: timeout=60
> > Connection: close
> > Content-Type: application/x-javascript
> > Vary: Accept-Encoding, User-Agent
> > Content-Encoding: gzip
> >
> > //hbx.js,HBX1.5,COPYRIGHT 1997-2005 WEBSIDESTORY,INC. ALL RIGHTS 
> > RESERVED. U.S.PATENT No.6,393,479B1 & 6,766,370. 
> > INFO:http://websidestory.com/privacy
> > var _vjs="HBX0150.01u";
> > var 
> > 
> _dl=".exe,.zip,.wav,.wmv,.mp3,.mov,.mpg,.avi,.doc,.pdf,.xls,.ppt,.gz";
> > function _NA(a){return new Array(a?a:0)}function _NO(){return new 
> > Object()} var
> > 
> _mn=_hbq="",_hbA=_NA(),_hud="undefined",_lv=_NO(),_ec=_if=_ll=
> _hec=_hfs=
> > _hfc=_fvf=_ic=_pC=_fc=_pv=0,_hbi=new Image(),_hbin=_NA(),_pA=_NA();
> > 
> _lv.id=_lv.pos=_lv.l="";_hbE=_D("hbE")?_hbE:"";_hbEC=_D("hbEC"
> )?_hbEC:0;
> > var _ex="expires=Wed, 1 Jan 2020 00:00:00
> > GMT",_lvm=150,_lidt="lid",_lpost="lpos";
> > function _D(v){return(typeof
> > eval("window._"+v)!=_hud)?eval("window._"+v):""}function
> > _DD(v){return(typeof v!=_hud)?1:0}
> > function _A(v,c){return escape((_D("lc")=="y"&&_DD(c))?_TL(v):v)}
> > function _B(){return 0}function _GP(){return
> > location.protocol=="https:"?"https://":"http://"}
> > function _IC


_____________________________________________________________________________________________

Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.


More information about the Snort-sigs mailing list