Home page logo
/

snort logo Snort mailing list archives

Re: Rule 17494
From: Tomas Heredia <tomas.heredia () activesec biz>
Date: Fri, 01 Oct 2010 16:20:43 -0300

 It was trigerring a lot for me too.
I´ve removed it from my config.

El 01/10/2010 04:08 p.m., Jefferson, Shawn escribió:
Anyone else notice this rule, 17494 triggering a lot today?  Or is it
just me... it's an old vulnerability from 2006.
 
alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"WEB-CLIENT
Microsoft Internet Explorer Long URL Buffer Overflow attempt";
flow:established,to_server; urilen:>260; content:"GET"; http_method;
content:"HTTP|2F|1|2E|1|0D 0A|"; metadata:service http;
reference:bugtraq,19667; reference:cve,2006-3869;
classtype:attempted-user; sid:17494; rev:1;)
 
*-- *
*Shawn Jefferson, IT Security*, GCIH, GCFA
British Columbia Ferry Services Inc.
Tel: (250) 978-1508
Fax: (250) 405-3533
_Shawn.Jefferson () bcferries com_ <mailto:Shawn.Jefferson () bcferries com>
*|** *_www.bcferries.com_ <http://www.bcferries.com>
 
 
 


------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]