[Snort-users] Snort Alert[1:16482:8]

James Lay jlay at ...13475...
Tue Mar 26 13:08:54 EDT 2013


> -----Original Message-----
> From: Kee, Scott [mailto:Scott.Kee at ...16186...]
> Sent: Tuesday, March 26, 2013 08:38
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort Alert[1:16482:8]
>
> I recently installed Snort on my Ubuntu machine.    I am receiving a 
> lot of
> 16482:8 alerts.  It is Microsoft ie 6 and 7 vulnerability alert.
>
> I don't have any users who are on using IE 6 or 7.  What is 
> triggering this
> alert?  Is this safe to ignore?
>
>
>
> Thanks


Keep in mind that we are targeting the vulnerability.  As such, the 
server could be responding with possible vulnerable code relevant to IE, 
and this rule doesn't check User Agent.  If you're not running any IE in 
your environment, you may want to consider commenting out the 
browser-ie.rules.  Hope that helps.

James




More information about the Snort-users mailing list