This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

INDICATOR-OBFUSCATION Javascript indexOf rename attempt

It seems with 9.103 we are now getting heaps for these

INDICATOR-OBFUSCATION Javascript indexOf rename attempt

This seems to be slowing internet browsing down as well? What is this IPS attack and why is it happing?

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

Hi, I generally agree with you that rules should not be disabled because of one website, but looking at
Snort :: Changes 2013-05-09
it appears that Snort.org leaves these rules disabled by default (likely due to high false-positive rates), and Sophos has chosen to turn them on.

I'm finding that BallardDesigns' website won't work without disabling sid 26616, on UTM 9.006; "INDICATOR-OBFUSCATION Javascript indexOf rename attempt".

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

Hi, I generally agree with you that rules should not be disabled because of one website, but looking at
Snort :: Changes 2013-05-09
it appears that Snort.org leaves these rules disabled by default (likely due to high false-positive rates), and Sophos has chosen to turn them on.

I'm finding that BallardDesigns' website won't work without disabling sid 26616, on UTM 9.006; "INDICATOR-OBFUSCATION Javascript indexOf rename attempt".

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data