Snort mailing list archives
Re: snort http_inspect
From: Jeremy Hewlett <jh () sourcefire com>
Date: Tue, 11 May 2004 14:24:44 -0400
On Tue, May 11, nyarlathothep () libero it wrote:
Hello everyone, I have a question about the use of the Snorts preprocessors: I've installed Snort on a Linux box and I've tried from outside to do a APACHE CHUNKED ENCODE (Bugtraq ID: 5033, CVE:). Snort records in the database only the http_inspect data, so : (http_inspect) OVERSIZE CHUNK ENCODING but it dsnt activate the rules, one of those I think:
This sounds like you've stumbled on a known issue. What version are you using? Snort 2.1.2+ has this fix. ------------------------------------------------------- This SF.Net email is sponsored by Sleepycat Software Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to deliver higher performing products faster, at low TCO. http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort http_inspect nyarlathothep () libero it (May 11)
- Re: snort http_inspect sgt_b (May 11)
- Re: snort http_inspect Jeremy Hewlett (May 11)
- Re: snort http_inspect alerts still flooding on snort 2.1.2.... Snortty (May 21)