[Snort-users] msg update for these, please?

Alex Kirk akirk at ...1935...
Tue Sep 28 15:55:09 EDT 2010


Well-put, Shawn. I just updated 16425 (for the next SEU, anyway) to read
"WEB-CLIENT request for Portable Executable binary file", that should do the
trick.

On Tue, Sep 28, 2010 at 3:45 PM, Jefferson, Shawn <
Shawn.Jefferson at ...14448...> wrote:

>  Maybe something along the lines of:
>
>
>
> WEB-CLIENT Request for exe file
>
>
>
> and
>
>
>
> WEB-CLIENT Portable Executable binary file transfer
>
>
>
> which would explain what’s happening a little better, and avoid potential
> confusion hopefully.
>
>
>  ------------------------------
>
> *From:* Alex Kirk [mailto:akirk at ...1935...]
> *Sent:* Tuesday, September 28, 2010 11:00 AM
> *To:* wkitty42 at ...14940...
> *Cc:* snort-users at lists.sourceforge.net
> *Subject:* Re: [Snort-users] msg update for these, please?
>
>
>
> Actually, they both look for PE files headed towards a client - the first
> looks for the PE signature itself coming down, the second for a request for
> a .exe.
>
>
>
> Duplicate messages are generally no fun, though, so how about making the
> second one "WEB-CLIENT Portable Executable binary file transfer - .exe in
> URI"?
>
> On Tue, Sep 28, 2010 at 1:48 PM, waldo kitty <wkitty42 at ...14940...>
> wrote:
>
>
> can we get a MSG update for these, please??
>
> OLD:
> 15306   WEB-CLIENT Portable Executable binary file transfer
> 16425   WEB-CLIENT Portable Executable binary file transfer
>
> NEW:
> 15306   WEB-CLIENT Portable Executable binary file transfer to client
> 16425   WEB-CLIENT Portable Executable binary file transfer to server
>
> or some such?
>
> thanks!
>
>
>
> ------------------------------------------------------------------------------
> Start uncovering the many advantages of virtual appliances
> and start using them to simplify application deployment and
> accelerate your shift to cloud computing.
> http://p.sf.net/sfu/novell-sfdev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
> --
> Alex Kirk
> AEGIS Program Lead
> Sourcefire Vulnerability Research Team
> +1-410-423-1937
> alex.kirk at ...1935...
>



-- 
Alex Kirk
AEGIS Program Lead
Sourcefire Vulnerability Research Team
+1-410-423-1937
alex.kirk at ...1935...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100928/3854b58e/attachment.html>


More information about the Snort-users mailing list