[Snort-sigs] 1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt
sthames42 at gmail.com
Thu Jun 28 12:30:04 EDT 2018
In my pfSense Snort IDS/IPS, I am seeing an increasing number of these
alerts from customer network IPs. These are large orgs with, potentially,
hundreds of clients NATed to a single public IP.
This a very old threat and I'm reasonably sure the clients are not using a
10-year-old version of Mozilla, Thunderbird, SeaMonkey, or Java to access
our web servers.
Can someone shed some light on why we would be seeing an increasing number
of these alerts?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs