Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
280
Views
5
Helpful
1
Replies

ids sig 3201

stith
Level 1
Level 1

‎02-11-2004 12:00 PM - edited ‎03-09-2019 06:23 AM

Alarm 3201 fired when user did a google search which included some words which are in the sig.

Alarm is a false postive. Should sig fire when only keywords appear? Attachment contains alarm contents.

Labels:
Preview file
994 KB
0 Helpful
1 Reply 1

mcerha
Level 3
Level 3

‎02-11-2004 01:52 PM

Agreed, the alarm is a false positive, but the signature did fire as it was designed to do. This signature is a catch-all for something that is usually suspicious to see in HTTP requests. Unfortunately, there isn't really anything we can do to prevent this type of problem without the use of filters or disabling the alarm. Perhaps it might make sense, to create filters for any UNIX web servers in your network. Or, just disable it outright.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents