[Snort-users] SID 1841

Romano, Chris CRomano at ...9382...
Mon Dec 29 11:55:08 EST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

When some users visit netscape's site it is setting off an alert for
"WEB-CLIENT Javascript URL host spoofing attempt".  Specifically IPs
64.12.153.151 and 64.12.48.217.  Is this just bad coding on Netscape's
part or is this rule not written correctly?  I am using the most up to
date ruleset.  Is anyone else seeing this?

Thanks,
Chris Romano

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBP/CHAgvHK4/UMrUIEQId6gCfe8Si/GFRAaWukmSk6pDAyxdQvBkAn0IM
j9k3KcpUS58dlphfJCFq5ACR
=ojWE
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20031229/35c75b96/attachment.html>


More information about the Snort-users mailing list