pcable at ...15769...
Tue Aug 21 10:49:23 EDT 2012
I am running Snort through the Alienvault Community edition.
We have a guy that likes to watch Netflix and use his Slingbox here. I'm not a big fan, but it hasn't affected our internet connection speeds so I can't really complain if it doesn't hurt his production.
The problem is Netflix produces a lot of:
snort: "WEB-CLIENT Mozilla multiple content-type headers malicious redirect attempt"
First comes one:
snort: "ET POLICY Netflix Streaming Player Access"
Followed by a very large amount of the malicious redirect attempt messages. I started up a video and let it play for about 3 minutes and it generated 50-100 of these events. IE and Firefox.
I can suppress them on my end, but it would be nice to have them as part of the definitions say they are Netflix related, since I don't think they should be considered malicious.
Then when I do get a malicious redirect attempt I won't think it's just Netflix.
I can provide more information or a pcap file if anyone needs more info.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users