File: 1320.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (64 lines) | stat: -rw-r--r-- 1,094 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
Rule:  
--
Sid:

1320

--
Summary:
This rule indicates that a webpage was visited the included the content "fuck movies".

--
Impact:
Someone could be violating your company's policy regarding the browsing of inappropriate content.

--
Detailed Information:

This rule looks for a response from a webserver containing "fuck movies".

--
Affected Systems:

All

--
Attack Scenarios:

Not an attack.  

--
Ease of Attack:

N/A.

--
False Positives:

This could have been caused by a pop-up window or spam with an embedded link to a pornographic website.  This could also be caused by somebody visiting the snort rule descriptions on the snort website.  This rule could also be triggered by visiting the website of somebody who really really doesn't like movies.

--
False Negatives:

None known.
--
Corrective Action:

Dependent on your company's policies.   

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>
Snort documentation contributed by Steven Alexander<alexander.s@mccd.edu>
-- 
Additional References:







--