Snort mailing list archives
bare byte unicode encoding
From: psitton () sbcglobal net
Date: Thu, 18 Aug 2005 10:35:33 -0500
I've been using Snort for a while and I've been seeing this preprocessor-based alert that's been confusing me. What has always happened on my corp network is that hundreds of inside addresses generate alerts going to the outside (mostly). Users going to eBay, Amazon and hundreds of other target sites generate this. Typically in one hour I'll usually get 3 to 4 thousand alerts from several hundred inside source addresses going to 3 to 4 hundred different target addresses.

The only real info I have on this is in the README.http_inspect. This has been happening for quite a while and I'm having problems trying to figure this one out. Currently using 2.4.0 running on Debian 3 and using the VRT rule set. Not sure where to go from here.

Pat
--
mailto:psitton () sbcglobal net