[Snort-users] False Positive on VRT 28039

Joel Esler (jesler) jesler at ...589...
Tue Nov 26 23:04:29 EST 2013


Maybe indicator-compromise is the wrong category. 

--
Joel Esler
Intelligence Lead
Open Source Manager
Vulnerability Research Team

> On Nov 26, 2013, at 19:39, "Jeremy Hoel" <jthoel at ...11827...> wrote:
> 
> Rule is looking for .pw as an indicator of compromise; however, Upworthy
> bought u.pw as a URL shortener. Maybe modify the rule to exclude that
> domain?
> 
> http://www.thedomains.com/2013/06/03/upworthy-com-buys-u-pw-as-url-shortener/
> 



