[Snort-users] msg update for these, please?
wkitty42 at ...14940...
Tue Sep 28 16:02:28 EDT 2010
On 9/28/2010 15:45, Jefferson, Shawn wrote:
> Maybe something along the lines of:
> WEB-CLIENT Request for exe file
> WEB-CLIENT Portable Executable binary file transfer
> which would explain what’s happening a little better, and avoid potential
> confusion hopefully.
yep, this is pretty close to what i came up with in my recent post on this
thread now that it has been pointed out that 16425 is a GET request and not a
POST or just a general either/or rule...
i have to wait to see if i get an answer to what 16425 would look like if it
were a POST rule, though... it may be possible, without having actually tested
it (yet) that it will fire on things it is not intended to fire on... it is
extremely generic with only the one content:".exe"; in it...
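
The concern raised in the message above, shown as an added example that is not part of the original post and is not rule 16425 itself: a matcher whose only payload test is the substring ".exe" is compared with a narrower GET-URI check. The sample requests are constructed, and both function names and the case-sensitive reading of the bare match are assumptions made for illustration.

```python
import re

# Constructed sample client requests (not captured traffic).
SAMPLES = {
    "get_exe": b"GET /files/setup.exe HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "get_exe_upper": b"GET /dl/Setup.EXE?id=7 HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "referer_only": (b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
                     b"Referer: http://example.test/tool.exe\r\n\r\n"),
    "post_body": (b"POST /forum/reply HTTP/1.1\r\nHost: example.test\r\n"
                  b"Content-Length: 26\r\n\r\ntext=see+notes+on+calc.exe"),
    "longer_ext": b"GET /docs/plan.execsummary HTTP/1.1\r\nHost: example.test\r\n\r\n",
}

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/\d\.\d\r\n")


def bare_content_match(payload: bytes) -> bool:
    """Hypothetical model: the only test is the literal bytes ".exe"
    anywhere in the payload (assumed case-sensitive, no URI anchoring)."""
    return b".exe" in payload


def get_uri_path_match(payload: bytes) -> bool:
    """Hypothetical narrower check: method must be GET and the URI path,
    with query string and fragment removed, must end in .exe (any case)."""
    m = REQUEST_LINE.match(payload)
    if not m or m.group(1) != b"GET":
        return False
    path = m.group(2).split(b"?", 1)[0].split(b"#", 1)[0]
    return path.lower().endswith(b".exe")


def compare(samples):
    """Return {name: (bare_hit, narrow_hit)} for each sample request."""
    return {name: (bare_content_match(p), get_uri_path_match(p))
            for name, p in samples.items()}


if __name__ == "__main__":
    for name, (bare, narrow) in compare(SAMPLES).items():
        print(f"{name:14} bare={bare!s:5} get_uri={narrow}")
```
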