[Snort-sigs] FP on 1:18369:2 - BLACKLIST USER-AGENT known malicious user-agent string iexp-get
Jason.Haar at ...651...
Sun Mar 13 19:13:14 EDT 2011
On 03/14/2011 11:58 AM, Matt Olney wrote:
> Actually, in this case this isn't a false positive. The alert is on a
> web get with a user agent "iexp-get" which is associated with
> baidu.com. Baidu is considered adware and malware from some sources
> (I'm not judging one way or another) and has a rule here for use if
> you see fit. So you have a policy decision. If you allow the baidu
> service, you can disable the rule. Otherwise, it worked :)
I've heard that before. If you're Chinese, you think baidu is great
(it's China's Google-killer), but there are always these "rumors" around
of it being "bad"
Siteadvisor sums it up: http://www.siteadvisor.com/sites/baidu.com
("it's good - but there's a bunch of people who got hacked via it")
I ain't going there: we'll disable the rule :-}
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the Snort-sigs