[Snort-sigs] 1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt

Steve Thames sthames42 at gmail.com
Thu Jun 28 12:30:04 EDT 2018


In my pfSense Snort IDS/IPS, I am seeing an increasing number of these
alerts from customer network IPs. These are large orgs with, potentially,
hundreds of clients NATed to a single public IP.

 

This a very old threat and I'm reasonably sure the clients are not using a
10-year-old version of Mozilla, Thunderbird, SeaMonkey, or Java to access
our web servers.

 

Can someone shed some light on why we would be seeing an increasing number
of these alerts?

 

Thanks.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20180628/c11a18a6/attachment.html>


More information about the Snort-sigs mailing list