Joel Esler (jesler)
jesler at ...589...
Mon Jan 27 21:46:01 EST 2014
On Jan 27, 2014, at 7:47 PM, waldo kitty <wkitty42 at ...14940...> wrote:
> On 1/27/2014 12:59 PM, Lil Evil wrote:
>> downloaded until the comment is reached and then it'll stop further downloading
>> is being executed, or any at all, but my expectation would be that the complete
>> stream would be blocked.
> a block or alert can't be initiated until a match has been made ;)
But your display says that not all the code makes it, and the traffic is dropped. That being said, that rule is simply looking for a comment on a page. There are lots of these types of comments, not exactly sure what they are attributed to.
However, the theory is that they belong to a tool called “iFRAMER”. (Best resource I can give you is this: http://malware.dontneedcoffee.com/2013/09/cookie-bomb-iframer-way.html ) Sometimes the comments are removed when the iframe is cleaned up, sometimes they aren’t.
Open Source Manager
Vulnerability Research Team
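
The behaviour discussed in this thread (no block until a match has been made, so part of the page still reaches the client) as an added sketch; it is not part of the original message and is not Snort's code. It is a simplified model of an inline content match; the marker string, the sample page and the function names are constructed for illustration.

```python
# Simplified model of an inline content match on a reassembled stream.
# Not Snort's engine and not a real rule; all names and data are constructed.
MARKER = b"<!--example-marker-->"   # constructed placeholder, not a real signature

# Constructed sample HTTP response containing the marker comment.
PAGE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        b"<html><body><p>legitimate content</p>"
        + MARKER +
        b"<p>content after the marker</p></body></html>")


def split(data, size):
    """Cut a byte string into fixed-size segments, as a stand-in for TCP segments."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def inline_filter(segments, pattern=MARKER):
    """Return (delivered_bytes, dropped_segment_count, matched).

    Segments are forwarded as they arrive. A verdict is only possible once the
    pattern has been seen, so everything forwarded before that point has
    already reached the client.
    """
    delivered = bytearray()
    tail = b""        # last len(pattern)-1 bytes seen, to catch a split pattern
    dropped = 0
    matched = False
    for seg in segments:
        if matched:
            dropped += 1              # rest of the session is blocked
            continue
        window = tail + seg
        if pattern in window:
            matched = True
            dropped += 1              # the segment completing the match is dropped
            continue
        delivered += seg              # no match yet: segment goes to the client
        tail = window[-(len(pattern) - 1):]
    return bytes(delivered), dropped, matched


if __name__ == "__main__":
    got, dropped, matched = inline_filter(split(PAGE, 16))
    print("matched:", matched, "dropped segments:", dropped)
    print("client received %d of %d bytes" % (len(got), len(PAGE)))
    print(got.decode())
```

With 16-byte segments the marker straddles two segments, so the client ends up with the start of the comment but not the rest of the page.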