cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1479
Views
0
Helpful
6
Replies

NIDS HTTP evasion - Signature 24339

PWCSinfosec
Level 1
Level 1

Hello,

Last night and this morning after the latest signature release s472 I have been getting hammered with alerts from this signature - nids http evasion - signature 24339.  The description says it fires on the occurence of %3f in the URL.  The description also says there are no known begnin alerts, however I am not sure that is the case.  I have attached the a few random packet captures from the IPS that this signature is firing on.  Anyone else seeing this?

6 Replies 6

scottyschafer
Level 1
Level 1