Snort mailing list archives
false positive from NASA Realtime Satellite Tracking
From: wkitty42 () windstream net
Date: Sat, 20 Aug 2016 10:01:40 -0400
i'm seeing the following rules being triggered from http://spaceflight1.nasa.gov/realdata/tracking/index.html but i'm not sure the best way to allow this site as the java stuff seems to be being pulled from multiple IPs on AWS...

Rule ID: 1:2016540:2 - ET CURRENT_EVENTS SUSPICIOUS JAR Download by Java UA with non JAR EXT matches various EKs
Date: 08/20 09:37:57
Priority: 2
Class Type: Potentially Bad Traffic
IP info: 54.243.106.158:80 -> 75.89.xxx.223:59296
References: none found

Rule ID: 1:2014472:5 - ET INFO JAVA - Java Archive Download
Date: 08/20 09:37:57
Priority: 1
Class Type: A Network Trojan was detected
IP info: 54.243.106.158:80 -> 75.89.xxx.223:59296
References: none found

Rule ID: 1:27816:9 - EXPLOIT-KIT Multiple exploit kit jar file download attempt
Date: 08/20 09:37:57
Priority: 1
Class Type: A Network Trojan was detected
IP info: 54.243.106.158:80 -> 75.89.xxx.223:59296
References: none found

--
NOTE: No off-list assistance is given without prior approval. *Please keep mailing list traffic on the list* unless private contact is specifically requested and granted.
