[Snort-users] interesting problem...
wkitty42 at ...14940...
Fri Sep 24 14:22:20 EDT 2010
i've been working on adjusting my environment to use the VRT published
snort.conf for 184.108.40.206... i'm in the process of live testing and trying to
figure out why some things are being alerted on... one of those is
3:13974:2 WEB-CLIENT Internet Explorer XHTML element memory corruption attempt
1. at least i know that my SO rules are working because this is a GID:3 rule :)
2. this rule is being triggered at the following URL
3. we do not use IE for browsing
so why is this rule being triggered on the snort.org forums?? when i whitelist
that IP, i can get there and read the messages quite easily... is something
broken on the forum or is there possibly some advertising stuff there that's
coming in that i'm not seeing because of my ad and script blocking??
More information about the Snort-users