[Emerging-Sigs] Gzipped Posts
Frank Knobbe
frank at knobbe.us
Mon Mar 31 10:55:28 EST 2008
On Thu, 2008-03-27 at 23:50 -0400, dxp wrote:
> Had the sig running ever since the post on a fairly large and
> distributed network without a single hit. HTTP traffic inspected is
> both internal and external.
You don't run many Windows systems, do you?
In fact, there was a massive amount of false positives that we've seen.
Some sites include codecs.microsoft.com and other benign sites.
Matt has disabled that sig by default now afaik. Enable if you like, but
be careful. More falses than not.
-Frank