This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS / Snort Problem with v8

Hello,

i have some problems with snort rule 13974, i can't access the following site:

Telekom | Mobilfunk - Handys - iPhone - Flatrate (german mobile phone provider, site loads except dynamic navigation menu on top)

i have read the Snort SID Page for that rule => no false positives/negatives known.

is this a false alert, so i can disable this specific rule ?


Message........: WEB-CLIENT Internet Explorer XHTML element memory corruption attempt
Details........: www.snort.org/.../13974
Time...........: 2010:07:28-00:07:23
Packet dropped.: yes
Priority.......: 1high
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)

btw: the link to the snort-search page gives a 500 server error for a few days now

This thread was automatically locked due to age.

0 krbc over 15 years ago

I posted a similar question on 7/19 regarding snort rule 13974.  I'm having the same problem using the latest 7.50x version.   I submitted a request to support this week to get their opinion on the risks associated with disabling the rule.

In essence, they said go ahead - "To do this, go to network security > advanced and enter the rule number into the modified rules box.  don't disable the rule, but switch it to notify only."

We implemented the change today.  We've had 3 URL's, some buried deep on certain websites that haven't worked for months.  I discovered yet another one, earlier this week.
Cancel
Vote Up 0 Vote Down

Cancel
0 ChrisW28 over 15 years ago in reply to krbc

There was a pattern update today, but i have still some issues with the rule above.

It is strange:

The SSL Version of the site works without error, the dynamic menu loads - without SSL not.

Telekom | Mobilfunk - Handys - iPhone - Flatrate
https://www.t-mobile.de/
Cancel
Vote Up 0 Vote Down

Cancel