[Snort-users] Long basic authorization string

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Mon Oct 15 15:08:02 EDT 2001


I'm seeing more and more "Long basic authorization string" alerts lately.
They are triggered by this rule:

alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC long basic
authorization string"; flags:A+; content:"Authorization\: Basic "; nocase;
dsize:>1000; classtype:attempted-dos; reference:bugtraq,3230; sid:1260;
rev:2;)

Is anyone else seeing this? I have been looking for details on this but
haven't found much. I want to get an idea if it is something to be concerned
about......


Thanks,
Paul 




More information about the Snort-users mailing list