[8.160][BUG][FIXED] IPv6 sites give IPS false+

Hello Friends!

While browsing ipv6.cnn.com and ipv6.pcworld.com:

2011:03:04-11:44:46 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2404:6800:8006:0000:0000:0000:0000:0068" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="59131" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-11:54:53 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="WEB-CLIENT Web-client IFRAME src javascript code execution" group="320" srcip="2001:0470:0000:0064:0000:0000:0000:0002" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="48985" sid="3679" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:01:59 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2620:0100:e000:0000:0000:0000:0000:8001" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="34160" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:02:03 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2001:0470:854c:0024:0000:0000:0000:0006" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="45268" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:02:04 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2620:0100:e000:0000:0000:0000:0000:8001" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="34216" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:02:31 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-CLIENT obfuscated javascript excessive fromCharCode - potential attack" group="320" srcip="2620:0100:e000:0000:0000:0000:0000:8001" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="34235" sid="15362" class="Misc activity" priority="3"  generator="1" msgid="0"
2011:03:04-12:02:36 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2001:0470:854c:0024:0000:0000:0000:0006" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="45328" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:02:52 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2620:0100:e000:0000:0000:0000:0000:8001" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="34325" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:05:42 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2620:0100:e000:0000:0000:0000:0000:8001" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="34402" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:05:50 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2620:0100:e000:0000:0000:0000:0000:8001" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="34427" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:06:52 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-CLIENT HTML DOM invalid DHTML comment creation attempt" group="500" srcip="2607:f0d0:1000:0011:0001:0000:0000:0001" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="53951" sid="16300" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:10:16 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2620:0100:e000:0000:0000:0000:0000:8001" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="56507" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:10:23 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2620:0100:e000:0000:0000:0000:0000:8001" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="56547" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:11:31 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2620:0100:e000:0000:0000:0000:0000:8001" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="56635" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
2011:03:04-12:11:35 acenn snort[7580]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt" group="500" srcip="2620:0100:e000:0000:0000:0000:0000:8001" dstip="2002:db40:5bfd:0000:0000:0000:0000:0001" proto="6" srcport="80" dstport="56668" sid="17276" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"
 
 


I think with this link: http://ipv6.cnn.com/2011/POLITICS/03/03/gingrich.candidacy/index.html
Thanks