[Snort-users] Rule 17494

Joel Esler jesler at ...1935...
Fri Oct 1 16:06:02 EDT 2010


Yes, this rule has been redone and will be released shortly. 

Thanks for all the reports, we appreciate them. 


Sent from my iPhone

On Oct 1, 2010, at 3:20 PM, Tomas Heredia <tomas.heredia at ...12297...> wrote:

> It was triggering a lot for me too.
> I've removed it from my config.
> 
> On 01/10/2010 04:08 p.m., Jefferson, Shawn wrote:
>> 
>> Anyone else notice this rule, 17494, triggering a lot today? Or is it just me… it’s an old vulnerability from 2006.
>>  
>> alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"WEB-CLIENT Microsoft Internet Explorer Long URL Buffer Overflow attempt"; flow:established,to_server; urilen:>260; content:"GET"; http_method; content:"HTTP|2F|1|2E|1|0D 0A|"; metadata:service http; reference:bugtraq,19667; reference:cve,2006-3869; classtype:attempted-user; sid:17494; rev:1;)
>>  
>> --
>> Shawn Jefferson, IT Security, GCIH, GCFA
>> British Columbia Ferry Services Inc.
>> Tel: (250) 978-1508
>> Fax: (250) 405-3533
>> Shawn.Jefferson at ...14448... | www.bcferries.com
>> 
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
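An added example, not part of the original thread or of the Snort ruleset: a Python approximation of the option checks in the quoted sid 17494, run over constructed requests to show which ones satisfy the rule. It ignores flow state, the $HOME_NET/$EXTERNAL_NET variables and Snort's URI normalization; all function names and sample requests are assumptions.

```python
# Added illustration: approximates the option checks of sid 17494 as quoted above.
# Not modeled: flow:established,to_server, network variables, URI normalization.

URILEN_MIN = 260                  # urilen:>260
VERSION_BYTES = b"HTTP/1.1\r\n"   # content:"HTTP|2F|1|2E|1|0D 0A|"


def parse_request_line(raw: bytes):
    """Return (method, uri) from the first line of a raw HTTP request, or None."""
    line, sep, _ = raw.partition(b"\r\n")
    parts = line.split(b" ")
    if not sep or len(parts) != 3:
        return None
    return parts[0], parts[1]


def matches_17494(raw: bytes) -> bool:
    """True when the request satisfies all three payload options of the rule."""
    parsed = parse_request_line(raw)
    if parsed is None:
        return False
    method, uri = parsed
    return (len(uri) > URILEN_MIN       # urilen:>260
            and b"GET" in method        # content:"GET"; http_method
            and VERSION_BYTES in raw)   # plain content match on the payload


def build_get(uri_len: int, version: bytes = b"HTTP/1.1") -> bytes:
    """Constructed sample: a GET whose URI is exactly uri_len bytes long."""
    prefix = b"/search?q="
    uri = prefix + b"a" * (uri_len - len(prefix))
    return b"GET " + uri + b" " + version + b"\r\nHost: example.com\r\n\r\n"


# Constructed sample requests (not captured traffic).
SAMPLES = [
    build_get(260),                                   # exactly at the threshold
    build_get(261),                                   # one byte over
    build_get(1200),                                  # long query string
    b"POST /" + b"a" * 300 + b" HTTP/1.1\r\nHost: example.com\r\n\r\n",
    build_get(1200, b"HTTP/1.0"),                     # long URI, HTTP/1.0
]


def triage(requests):
    """Evaluate every request against the rule approximation."""
    return [matches_17494(r) for r in requests]


if __name__ == "__main__":
    for req, hit in zip(SAMPLES, triage(SAMPLES)):
        print(len(parse_request_line(req)[1]), "ALERT" if hit else "-")
```

None of the three options inspects what the URI contains, so any HTTP/1.1 GET with a URI longer than 260 bytes satisfies them.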