Hello,
Last night and this morning after the latest signature release s472 I have been getting hammered with alerts from this signature - nids http evasion - signature 24339. The description says it fires on the occurence of %3f in the URL. The description also says there are no known begnin alerts, however I am not sure that is the case. I have attached the a few random packet captures from the IPS that this signature is firing on. Anyone else seeing this?