[Snort-sigs] FP on 1:18369:2 - BLACKLIST USER-AGENT known malicious user-agent string iexp-get

Jason Haar Jason.Haar at ...651...
Sun Mar 13 19:13:14 EDT 2011

On 03/14/2011 11:58 AM, Matt Olney wrote:
> Actually, in this case this isn't a false positive.  The alert is on a
> web get with a user agent "iexp-get" which is associated with
> baidu.com.  Baidu is considered adware and malware from some sources
> (I'm not judging one way or another) and has a rule here for use if
> you see fit.  So you have a policy decision.  If you allow the baidu
> service, you can disable the rule.  Otherwise, it worked :)
I've heard that before. If you're Chinese, you think baidu is great
(it's China's Google-killer), but there are always these "rumors" around
of it being "bad"

Siteadvisor sums it up: http://www.siteadvisor.com/sites/baidu.com
("it's good - but there's a bunch of people who got hacked via it")

I ain't going there: we'll disable the rule :-}


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

More information about the Snort-sigs mailing list