[Snort-users] Rule 17494

Tomas Heredia tomas.heredia at ...12297...
Fri Oct 1 15:20:43 EDT 2010


 It was trigerring a lot for me too.
I´ve removed it from my config.

El 01/10/2010 04:08 p.m., Jefferson, Shawn escribió:
> Anyone else notice this rule, 17494 triggering a lot today?  Or is it
> just me... it's an old vulnerability from 2006.
>  
> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"WEB-CLIENT
> Microsoft Internet Explorer Long URL Buffer Overflow attempt";
> flow:established,to_server; urilen:>260; content:"GET"; http_method;
> content:"HTTP|2F|1|2E|1|0D 0A|"; metadata:service http;
> reference:bugtraq,19667; reference:cve,2006-3869;
> classtype:attempted-user; sid:17494; rev:1;)
>  
> *-- *
> *Shawn Jefferson, IT Security*, GCIH, GCFA
> British Columbia Ferry Services Inc.
> Tel: (250) 978-1508
> Fax: (250) 405-3533
> _Shawn.Jefferson at ...14991... <mailto:Shawn.Jefferson at ...14448...>
> *|** *_www.bcferries.com_ <http://www.bcferries.com>
>  
>  
>  
>
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101001/ebeffc21/attachment.html>


More information about the Snort-users mailing list