I am new to this so if I am placing this question in the wrong place, please
accept my apologies and provide the correct direction.
I am running a packet sniffer on my computer and I am seeing the following
request happening roughly once every three minutes. I am wondering if anyone
knows what is going on here.
GET /api/livesuite/broker.asmx?{"header":{"client":{"isvalid":true,"license":"","proof":"
(there were a bunch of letters and numbers here but I removed them in case it was a
gateway into an account I may have)
The address I am going to is: 63.240.26.65 (belonging to CERFnet).
I am mostly concerned with this being a URI buffer overflow. If anyone can
provide any insight, I would be extremely grateful! I understand how the
overflow works. I am trying to find evidence to prove that this is a false
positive. I have looked up the aspx request and mostly what I came up with was
Squid reports. Proving that I am not the only one doesn't cut it for me,
although it supports the likelihood that this is normal traffic. This request is
in the top 100 of the Squid Analysis Report. It is up there with another
request I am seeing: api.bigcharts.net/api/livesuite/pickup.asmx?
These requests are puzzling to me. They are both popping up on my IDS as a URI
Buffer Overflow.
Thank you in advance if you can provide insight.