[Snort-users] Rule question.. SID 1:1000103

Jeremy Hoel jthoel at ...11827...
Wed Mar 13 21:51:56 EDT 2013


Ha!  Never mind.. I see that I missed it in my local rules.. I have no
idea why it was there vs somewhere else. Normally our local rules have
a special indicator..

Time to go home..


On Thu, Mar 14, 2013 at 12:40 AM, waldo kitty <wkitty42 at ...14940...> wrote:
> On 3/13/2013 16:18, Jeremy Hoel wrote:
>> But there's no CVE or any other information to read about the rule..
>> just that it looks for Joy9m along with User-Agent.  Lately this has
>> been hitting on Joy0m in cookie data.. so I know it's a FP, but I want
>> to find out if it can be disabled, but there not notes..  and my
>> google-fu is failing me.
>
> how old is the rule? that SID number looks pretty old...
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_mar
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list