[Snort-users] Snort Alert[1:16482:8]

Michael Steele michaels at ...9077...
Tue Mar 26 12:44:53 EDT 2013

Is it possible users could be spoofing their x browser to appear to be IE?

Best regards,

WINSNORT.com Management Team Member
****************** Established ~ 2001 *******************
*          Visit Us @ http://www.winsnort.com           *
*      ~~ FREE WinIDS Snort installation guides ~~      *
*               ~~ FREE support forums ~~               *
* Snort: Open Source Network IDS - http://www.snort.org *

-----Original Message-----
From: Castle, Shane [mailto:scastle at ...14946...] 
Sent: Tuesday, March 26, 2013 12:32 PM
To: 'Kee, Scott'; 'snort-users at lists.sourceforge.net'
Subject: Re: [Snort-users] Snort Alert[1:16482:8]

The info I have suggests that this rule has a very low or zero FP rate,
indicating that you are mistaken and that there are really some IE 6 and 7
browsers on your net. I'd suggest following up on the IP addresses to see
what is going on.

Of course, it's possible that the alerts are being generated from browsers
outside your network if you do not have $EXTERNAL_NET and $HOME_NET set up

Shane Castle
Data Security Mgr, Boulder County IT

-----Original Message-----
From: Kee, Scott [mailto:Scott.Kee at ...16186...] 
Sent: Tuesday, March 26, 2013 08:38
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort Alert[1:16482:8]

I recently installed Snort on my Ubuntu machine.    I am receiving a lot of
16482:8 alerts.  It is Microsoft ie 6 and 7 vulnerability alert.

I don't have any users who are on using IE 6 or 7.  What is triggering this
alert?  Is this safe to ignore?





Own the Future-Intel® Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest.
Compete for recognition, cash, and the chance to get your game 
on Steam. $5K grand prize plus 10 genre and skill prizes. 
Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort

More information about the Snort-users mailing list