[Snort-users] SID 1841

Romano, Chris CRomano at ...9382...
Mon Dec 29 12:00:06 EST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

When some users visit Netscape's site it is setting off an alert for
"WEB-CLIENT JavaScript URL host spoofing attempt".  Specifically IPs
64.12.153.151 and 64.12.48.217.  Is this just bad coding on Netscape's
part or is this rule not written correctly?  I am using the most up to
date ruleset.  Is anyone else seeing this?

Thanks,
Chris Romano

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBP/CINwvHK4/UMrUIEQKI7QCeNPxRD+KwWKcLovnCK441EzRnecsAoObT
XM6OGvPC7dQd49EwlYAtMdH7
=tV4p
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20031229/ab69d548/attachment.html>


More information about the Snort-users mailing list