[Snort-users] Rule question.. SID 1:1000103

waldo kitty wkitty42 at ...14940...
Wed Mar 13 20:40:32 EDT 2013


On 3/13/2013 16:18, Jeremy Hoel wrote:
> But there's no CVE or any other information to read about the rule..
> just that it looks for Joy9m along with User-Agent.  Lately this has
> been hitting on Joy0m in cookie data.. so I know it's a FP, but I want
> to find out if it can be disabled, but there not notes..  and my
> google-fu is failing me.

how old is the rule? that SID number looks pretty old...




More information about the Snort-users mailing list