[Snort-sigs] false positive FYI
Al Lewis (allewi)
allewi at cisco.com
Thu Dec 7 14:59:55 EST 2017
Can you send a sample of the traffic?
SOURCEfire, Inc. now part of Cisco
Email: allewi at cisco.com
From: Snort-sigs <snort-sigs-bounces at lists.snort.org> on behalf of Daniel Schreiber <scrober at outlook.de>
Date: Thursday, December 7, 2017 at 2:45 PM
To: "snort-sigs at lists.snort.org" <snort-sigs at lists.snort.org>
Subject: [Snort-sigs] false positive FYI
This rule here:
119:33 (http_inspect) UNESCAPED SPACE IN HTTP URI
causes some false positives on my setup.
It blocks Apple FaceTime server IPs and Steam akamaitechnologies IPs that seem to refer to the Steam Network.