Snort mailing list archives

bare byte unicode encoding


From: psitton () sbcglobal net
Date: Thu, 18 Aug 2005 10:35:33 -0500


I've been using Snort for a while and I've been seeing this
preprocessor-based alert that's been confusing me. What has always
happened on my corp network is that hundreds of inside addresses
generate alerts going to the outside (mostly). Users going to eBay,
Amazon and hundreds of other target sites generate this. Typically in
one hour I'll usually get 3 to 4 thousand alerts from several hundred
inside source addresses going to 3 to 4 hundred different target
addresses. The only real info I have on this is in the
README.http_inspect. This has been happening for quite a while and I'm
having problems trying to figure this one out. Currently using 2.4.0
running on Debian 3 and using the VRT rule set. Not sure where to go
from here.

Pat

-- 
mailto:psitton () sbcglobal net


