[Snort-users] Netflix

Paul Cable pcable at ...15769...
Tue Aug 21 10:49:23 EDT 2012


I am running Snort through the Alienvault Community edition.

We have a guy that likes to watch Netflix and use his Slingbox here. I'm not a big fan, but it hasn't affected our internet connection speeds so I can't really complain if it doesn't hurt his production.

The problem is Netflix produces a lot of:

snort: "WEB-CLIENT Mozilla multiple content-type headers malicious redirect attempt"

First comes one:

snort: "ET POLICY Netflix Streaming Player Access"

Followed by a very large amount of the malicious redirect attempt messages. I started up a video and let it play for about 3 minutes and it generated 50-100 of these events. IE and Firefox.

I can suppress them on my end, but it would be nice to have them as part of the definitions say they are Netflix related, since I don't think they should be considered malicious.

Then when I do get a malicious redirect attempt I won't think it's just Netflix.

I can provide more information or a pcap file if anyone needs more info.

Thanks,
PC



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120821/30c46351/attachment.html>


More information about the Snort-users mailing list