[Snort-sigs] false positive FYI

Al Lewis (allewi) allewi at cisco.com
Thu Dec 7 14:59:55 EST 2017


Hello,

Can you send a sample of the traffic?

Thanks.

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at cisco.com<mailto:allewi at cisco.com>

From: Snort-sigs <snort-sigs-bounces at lists.snort.org<mailto:snort-sigs-bounces at lists.snort.org>> on behalf of Daniel Schreiber <scrober at outlook.de<mailto:scrober at outlook.de>>
Date: Thursday, December 7, 2017 at 2:45 PM
To: "snort-sigs at lists.snort.org<mailto:snort-sigs at lists.snort.org>" <snort-sigs at lists.snort.org<mailto:snort-sigs at lists.snort.org>>
Subject: [Snort-sigs] false positive FYI

Hello,

these Rule here:
119:33 (http_inspect) UNESCAPED SPACE IN HTTP URI

Cause some false positve on my setup.

it blocks Apple Facetime server IPs and steam akamaitechnologies IPs that seems to reffer to the Steam Network.

Greetings



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20171207/2e0235c0/attachment.html>


More information about the Snort-sigs mailing list