[Snort-users] Question on SID 18358

Joel Esler jesler at ...1935...
Fri Apr 8 15:06:53 EDT 2011


It's a generic FTP/HTTP stack that any program can load.

http://nsis.sourceforge.net/InetLoad_plug-in

Joel

On Fri, Apr 8, 2011 at 2:36 PM, Lay, James <james.lay at ...15009...> wrote:

>
>
> The user agent applies to the client request and is not associated with a
> particular URL.  If the application requesting the URL declares itself as
> User-Agent: NSIS_NETLOAD", then this rule will fire.
>
>
>
> Matt
>
>
>
>
>
> Thanks Matt….guess I was originally wondering if this was malicious or
> not…this link may help though:
>
> http://xp.yimg.com/gj/msgr/10/ini/ymsgr10_us.ini
>
> My guess is that this the appusage gets reported on install maybe, since
> I’ve never seen this fire until yesterday, and haven’t seen it since.  Very
> strange.
>
> James
>
>
> ------------------------------------------------------------------------------
> Xperia(TM) PLAY
> It's a major breakthrough. An authentic gaming
> smartphone on the nation's most reliable network.
> And it wants your games.
> http://p.sf.net/sfu/verizon-sfdev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Joel Esler | http://blog.snort.org | http://vrt-blog.snort.org |
http://blog.clamav.net
Twitter:  http://twitter.com/snort
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20110408/010e3004/attachment.html>


More information about the Snort-users mailing list