[Snort-users] Alert with bug?

Diego Cavalcante Fernandes diegomusic2000 at ...6873...
Wed Aug 24 08:00:41 EDT 2005

I have some signatures as example:
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE _vti_inf.html access"; flow:to_server,established; uricontent:"/_vti_inf.html"; nocase; reference:nessus,11455; classtype:web-application-activity; sid:990; rev:9;)

This signature generated some alerts.But the packets that had generated the alert don't have payload, they only have a ip and tcp header. How can this packet  generate alert without having the uricontent "/_vi_inf.html" specified in the signature ?

Yahoo! Acesso Grátis: Internet rápida e grátis. Instale o discador agora!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050824/84e38e13/attachment.html>

More information about the Snort-users mailing list