[Snort-sigs] FP on 18372

Weir, Jason jason.weir at ...3410...
Wed Feb 16 09:43:38 EST 2011


Looks like a client downloading flash content...

GET
/portal/server.pt/gateway/PTARGS_0_2_23634_14364_435710_43/http%3B/pubco
ntent.state.pa.us/publishedcontent/publish/cop_general_government_operat
ions/sers/branding/flash/animation_homepage2.swf HTTP/1.1
Accept: */*
User-Agent: contype
Host: www.sers.state.pa.us
Cookie: *****removed******

GET /swf/masthead_large.swf HTTP/1.1
Accept: */*
User-Agent: contype
Host: www.wxrv.com
Cookie: *****removed******

GET /multimedia/archive/00379/sivananda_sports_379768a.swf HTTP/1.1
Accept: */*
User-Agent: contype
Host: www.thehindu.com

Can we improve on this rule?

-J


_____________________________________________________________________________________________

Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.


More information about the Snort-sigs mailing list