[Snort-sigs] 1:11672, 3:11672 BROWSER-OTHER Mozilla Network Security Services SSLv2 stack overflow attempt

Steve Thames sthames42 at gmail.com
Thu Jun 28 12:30:04 EDT 2018

In my pfSense Snort IDS/IPS, I am seeing an increasing number of these
alerts from customer network IPs. These are large orgs with, potentially,
hundreds of clients NATed to a single public IP.


This a very old threat and I'm reasonably sure the clients are not using a
10-year-old version of Mozilla, Thunderbird, SeaMonkey, or Java to access
our web servers.


Can someone shed some light on why we would be seeing an increasing number
of these alerts?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20180628/c11a18a6/attachment.html>

More information about the Snort-sigs mailing list