Quantcast
Channel: Sophos User Bulletin Board
Viewing all articles
Browse latest Browse all 14361

Possible faulty IPS/Snort update on 09 FEB about 12:34 UTC

$
0
0
I see in the German Forum that my customers weren't the only ones that experienced new false positives after this.

Did anyone else experience this? The customers I had to help were on 7.510 or 7.511.

SID 12798 "SHELLCODE base64 x86 NOOP" (reported in the German Forum)
SID 15935 DNS responses from internal sources to internal sources
SID 17750 "DOS Microsoft IIS 7.5 client verify null pointer attempt"

And a bunch of SIDs concerning responses from web servers
4136, 5910, 6690, 6692, 6699, 6701, 11263, 12633, 12798, 16222, 16663 and 17543

Anyone else? Are these new rules or newly turned-on rules because of a new threat or???

Cheers - Bob

Viewing all articles
Browse latest Browse all 14361

Trending Articles