Home page logo

snort logo Snort mailing list archives

17494 Falsing on non IE6 systems
From: "Weir, Jason" <jason.weir () nhrs org>
Date: Wed, 27 Oct 2010 08:37:38 -0400

Tons of false positives on machines running IE7 & 8...

Maybe do a content match on the IE6 user agent - something like
content:"compatible; MSIE 6."

Microsoft Internet Explorer Long URL Buffer Overflow attempt";
flow:established,to_server; urilen:>260; content:"GET"; http_method;
content:"HTTP|2F|1|2E|1|0D 0A|"; metadata:service http;
reference:bugtraq,19667; reference:cve,2006-3869;
classtype:attempted-user; sid:17494; rev:1;)



Please visit www.nhrs.org to subscribe to NHRS email announcements and updates.
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
Snort-sigs mailing list
Snort-sigs () lists sourceforge net

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]