[Snort-users] Alert help, web-client 3ivx MP4 file parsing cmt buffer overflow attempt
Shawn.Jefferson at ...14448...
Wed Mar 25 18:44:25 EDT 2009
I had an alert triggered today, WEB-CLIENT 3ivx MP4 file parsing cmt buffer overflow attempt (1:13318), and I'm thinking this is a false positive. The snort page for the alert doesn't list any known false positives.
Some of the payload info:
HTTP/1.1 200 OK
Date: Wed, 25 Mar 2009 20:51:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Set-Cookie: made_write_conn=1238014314; path=/; domain=.facebook.com
Set-Cookie: cur_max_lag=3; path=/; domain=.facebook.com; httponly
Also, if this is a false positive, how do I go about helping fill out the snort alert DB on the website?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users