[Snort-users] Long basic authorization string

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Mon Oct 15 15:08:02 EDT 2001

I'm seeing more and more "Long basic authorization string" alerts lately.
They are triggered by this rule:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC long basic
authorization string"; flags:A+; content:"Authorization\: Basic "; nocase;
dsize:>1000; classtype:attempted-dos; reference:bugtraq,3230; sid:1260;

Is anyone else seeing this? I have been looking for details on this but
haven't found much. I want to get an idea if it is something to be concerned


More information about the Snort-users mailing list