[7.910][BUG][FIXED] IPS Alerts caused by Astaro Websites...

Just FYI: Are this your forums?

2010:05:13-11:06:41 t-home snort[17373]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="WEB-MISC text/html content-type without HTML - possible malware C&C" group="211" srcip="85.115.22.9" dstip="10.10.10.252" proto="6" srcport="80" dstport="50169" sid="16460" class="Detection of a non-standard protocol or event" priority="2" generator="1" msgid="0"

My whois tells me:
inetnum:        85.115.22.0 - 85.115.22.31
netname:        TXX-ASTARO-HOSTING
descr:          Astaro AG
descr:          Amalienbadstrasse 36
descr:          D-76227 Karlsruhe
country:        DE
admin-c:        JH386-RIPE
tech-c:         TXX100-RIPE
status:         ASSIGNED PA
mnt-by:         TXX-MNT
source:         RIPE # Filtered

best regards,

t-work ;-)

Parents

0 kbr over 15 years ago

*Sigh*

Sometimes these hunt for 'false positives' is getting really really annoying... ;-)

But thanks for reporting this!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 kbr over 15 years ago

*Sigh*

Sometimes these hunt for 'false positives' is getting really really annoying... ;-)

But thanks for reporting this!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 BrucekConvergent over 15 years ago in reply to kbr

Rule 16460 causes false positives on all sorts of different sites; I'd just disable it.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel