[Snort-users] Long basic authorization string
Sheahan, Paul (PCLN-NW)
Paul.Sheahan at ...2218...
Mon Oct 15 15:08:02 EDT 2001
I'm seeing more and more "Long basic authorization string" alerts lately.
They are triggered by this rule:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-MISC long basic
authorization string"; flags:A+; content:"Authorization\: Basic "; nocase;
dsize:>1000; classtype:attempted-dos; reference:bugtraq,3230; sid:1260;
Is anyone else seeing this? I have been looking for details on this but
haven't found much. I want to get an idea if it is something to be concerned
More information about the Snort-users