[Oisf-devel] many FP on uricontent example
rmkml
rmkml at free.fr
Tue May 25 11:20:28 UTC 2010
Thx for reply Will,
with git today (2910759943484cd7e3401bebcc286f06b17b6045), I have same pb on my pcap example.
Regards
Rmkml
On Tue, 25 May 2010, Will Metcalf wrote:
> Have you tried the new master Victor just pushed? This bug should be fixed.
> Regards,
> Will
>
> On Tue, May 25, 2010 at 5:57 AM, rmkml <rmkml at free.fr> wrote:
>> Hi,
>> Maybe this pb is already known?
>> With pcap joigned and this (old) sig:
>> alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-IIS
>> ping.asp access"; flow:to_server,established; uricontent:"/ping.asp";
>> nocase; reference:nessus,10968; classtype:web-application-activity;
>> sid:2667; rev:2;)
>> I have many (8) alerts:
>> 03/29/09-08:03:06.416199 [**] [1:2667:2] WEB-IIS ping.asp access [**]
>> [Classification: access to a potentially vulnerable web application]
>> [Priority: 3] {6} 10.50.1.118:2030 -> 194.245.144.33:80 [Xref =>
>> http://cgi.nessus.org/plugins/dump.php3?id=10968]
>> ...
>> If anyone confirm is not known, I fill a new ticket...
>> Regards
>> Rmkml
More information about the Oisf-devel
mailing list