Snort mailing list archives
RE: Problems with snort-2.1.0
From: Andreas Östling <andreaso () it su se>
Date: Wed, 14 Jan 2004 23:48:03 +0100 (CET)
On Wed, 14 Jan 2004, Daniel J. Roelker wrote:
Any other suggestions that users want in 2.1.1 for http_inspect or otherwise, please let us know.
Unfortunately I've not had a chance to play much with http_inspect yet so forgive me if I'm lost here, but one thing seems a bit strange to me. For clients that send multiple requets in the same tcp stream, two alerts will be generated for the same request. First for the actual packet containing the bad request and then for the rebuilt client stream which obviously contains the same request again among other stuff. Is this the expected behaviour? (I have examples with packet dumps if needed) /Andreas ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problems with snort-2.1.0 Schmehl, Paul L (Jan 12)
- <Possible follow-ups>
- RE: Problems with snort-2.1.0 Daniel J. Roelker (Jan 14)
- RE: Problems with snort-2.1.0 Andreas Östling (Jan 14)
- RE: Problems with snort-2.1.0 Daniel J. Roelker (Jan 15)
- Latest Snort 2.1.x on Solaris 8, Can anyone confirm please? Snortty (Mar 19)
- RE: Problems with snort-2.1.0 Andreas Östling (Jan 14)
- RE: Problems with snort-2.1.0 Schmehl, Paul L (Jan 14)
- RE: Problems with snort-2.1.0 DM (Jan 14)