[Snort-users] msg update for these, please?

Jefferson, Shawn Shawn.Jefferson at ...14448...
Tue Sep 28 15:45:11 EDT 2010


Maybe something along the lines of:

WEB-CLIENT Request for exe file

and

WEB-CLIENT Portable Executable binary file transfer

which would explain what's happening a little better, and avoid potential confusion hopefully.

________________________________
From: Alex Kirk [mailto:akirk at ...1935...]
Sent: Tuesday, September 28, 2010 11:00 AM
To: wkitty42 at ...14940...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] msg update for these, please?

Actually, they both look for PE files headed towards a client - the first looks for the PE signature itself coming down, the second for a request for a .exe.

Duplicate messages are generally no fun, though, so how about making the second one "WEB-CLIENT Portable Executable binary file transfer - .exe in URI"?
On Tue, Sep 28, 2010 at 1:48 PM, waldo kitty <wkitty42 at ...14940...<mailto:wkitty42 at ...14940...>> wrote:

can we get a MSG update for these, please??

OLD:
15306   WEB-CLIENT Portable Executable binary file transfer
16425   WEB-CLIENT Portable Executable binary file transfer

NEW:
15306   WEB-CLIENT Portable Executable binary file transfer to client
16425   WEB-CLIENT Portable Executable binary file transfer to server

or some such?

thanks!


------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



--
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk at ...1935...<mailto:alex.kirk at ...1935...>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100928/27ddf044/attachment.html>


More information about the Snort-users mailing list