Netgate Discussion Forum

    Snort ET MALWARE User-Agent (Internet Explorer)

      finalcut

      :( I have a lot of this alert in Snort: SID 1:2008052

      ET MALWARE User-Agent (Internet Explorer) on WAN with no clue on LAN

        fsansfil

        CVE-2014-6332 is pretty big right now, and for a vulnerability that affects ALL Internet Explorer, be sure there will be many exploits out there...

        https://isc.sans.edu/forums/diary/How+bad+is+the+SCHANNEL+vulnerability+CVE-2014-6321+patched+in+MS14-066/18947/

        https://github.com/rapid7/metasploit-framework/pull/4255

        There are a couple of ET CURRENT EVENT rules covering those vulnerabilities...might want to run them on all interfaces

        Otherwise sniff the traffic with packet capture and let's see what's in those packets.

        F.

          fsansfil

          Oh never mind, maybe they are not related after all... when I saw IE User-Agent I thought it was the CVE-2014-6332...

          Still... packet capture some of those and we will check if it's FP or what it is...

          F.
