[Snort-sigs] FP on 17468

rmkml rmkml at ...174...
Thu Nov 4 12:01:02 EDT 2010


Hi Jason,
rev 2 exist for this rule (outing SEU 384 on 26 oct 2010).
{adding launchURL content for reduce FP}
Regards
Rmkml


On Thu, 4 Nov 2010, Weir, Jason wrote:

> I'm running rev:1
> Again I request the current revision # be posted on the sig page
> http://www.snort.org/search/sid/1-17468 - it would reduce this kind of
> traffic..
> -J
>
>> -----Original Message-----
>> From: rmkml [mailto:rmkml at ...174...]
>> Sent: Wednesday, November 03, 2010 4:34 PM
>> To: Weir, Jason
>> Cc: snort-sigs at lists.sourceforge.net; rmkml at ...174...
>> Subject: Re: [Snort-sigs] FP on 17468
>>
>>
>> Hi Jason,
>> What revision you use please?
>> Because two revision exist for this rule.
>> Regards
>> Rmkml
>>
>>
>> On Wed, 3 Nov 2010, Weir, Jason wrote:
>>
>>> Looks like normal websidestory\Omniture\Adobe web tracking content..
>>>
>>> -J
>>>
>>>
>>> HTTP/1.1 200 OK
>>> Date: Tue, 02 Nov 2010 15:58:04 GMT
>>> Server: Apache/2.0.52
>>> Last-Modified: Tue, 06 Jul 2010 23:56:28 GMT
>>> ETag: "157c376-36b7-cd350300"
>>> Accept-Ranges: bytes
>>> Keep-Alive: timeout=60
>>> Connection: close
>>> Content-Type: application/x-javascript
>>> Vary: Accept-Encoding, User-Agent
>>> Content-Encoding: gzip
>>>
>>> //hbx.js,HBX1.5,COPYRIGHT 1997-2005 WEBSIDESTORY,INC. ALL RIGHTS
>>> RESERVED. U.S.PATENT No.6,393,479B1 & 6,766,370.
>>> INFO:http://websidestory.com/privacy
>>> var _vjs="HBX0150.01u";
>>> var
>>>
>> _dl=".exe,.zip,.wav,.wmv,.mp3,.mov,.mpg,.avi,.doc,.pdf,.xls,.ppt,.gz";
>>> function _NA(a){return new Array(a?a:0)}function _NO(){return new
>>> Object()} var
>>>
>> _mn=_hbq="",_hbA=_NA(),_hud="undefined",_lv=_NO(),_ec=_if=_ll=
>> _hec=_hfs=
>>> _hfc=_fvf=_ic=_pC=_fc=_pv=0,_hbi=new Image(),_hbin=_NA(),_pA=_NA();
>>>
>> _lv.id=_lv.pos=_lv.l="";_hbE=_D("hbE")?_hbE:"";_hbEC=_D("hbEC"
>> )?_hbEC:0;
>>> var _ex="expires=Wed, 1 Jan 2020 00:00:00
>>> GMT",_lvm=150,_lidt="lid",_lpost="lpos";
>>> function _D(v){return(typeof
>>> eval("window._"+v)!=_hud)?eval("window._"+v):""}function
>>> _DD(v){return(typeof v!=_hud)?1:0}
>>> function _A(v,c){return escape((_D("lc")=="y"&&_DD(c))?_TL(v):v)}
>>> function _B(){return 0}function _GP(){return
>>> location.protocol=="https:"?"https://":"http://"}
>>> function _IC






More information about the Snort-sigs mailing list