RES: Snort - http_inspect

["Hugo Leonardo Ferrer Rebello" <Hugo.Rebello () t-systems com br>]

I'll check it.

 

Thank you.

 

________________________________

De: jcummings () sourcefire com [mailto:jcummings () sourcefire com] Em nome de JJ Cummings
Enviada em: quinta-feira, 16 de julho de 2009 13:53
Para: Hugo Leonardo Ferrer Rebello
Cc: snort-users () lists sourceforge net
Assunto: Re: [Snort-users] Snort - http_inspect

 

Then do exactly what Joel said.. you need to suppress them

On Thu, Jul 16, 2009 at 10:39 AM, Hugo Leonardo Ferrer Rebello <Hugo.Rebello () t-systems com br> wrote:

I'm trying to avoid alerts from these hosts.

 

 

________________________________

De: jcummings () sourcefire com [mailto:jcummings () sourcefire com] Em nome de JJ Cummings
Enviada em: quinta-feira, 16 de julho de 2009 12:59
Para: Hugo Leonardo Ferrer Rebello
Cc: snort-users () lists sourceforge net
Assunto: Re: [Snort-users] Snort - http_inspect

 

Are you trying to avoid alerts from these hosts, or do you genuinely want to not have the data pass through the 
http_inspect preprocessor for some specific reason?

On Thu, Jul 16, 2009 at 9:39 AM, Hugo Leonardo Ferrer Rebello <Hugo.Rebello () t-systems com br> wrote:

Hello guys,

 

Do you know how to ignore some source hosts from preprocessor http_inspect ? Is it possible ?

 

Thank you.

 

Cheers,

 

Hugo Rebello
Security Specialist 
T-Systems do Brasil Ltda

 

E-Mail: hugo.rebello () t-systems com br
www.t-systems.com.br

 

´Esta mensagem pode conter informação confidencial e/ou privilegiada. Se você não for o destinatário ou a pessoa 
autorizada a receber esta mensagem, não pode usar, copiar ou divulgar as informações nela contidas ou tomar qualquer 
ação baseada nessas informações. Se você recebeu esta mensagem por engano, por favor, avise imediatamente o remetente, 
respondendo o e-mail e em seguida apague-a. Agradecemos a sua cooperação.

 

This message may contain confidential and/or privileged information. If you are not the addressee or authorized to 
receive this for the addressee, you must not use, copy, disclose or take any action based on this message or any 
information herein. If you have received this message in error, please advise the sender immediately by reply e-mail 
and delete this message. Thank you for your cooperation.

 


------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge
This is your chance to win up to $100,000 in prizes! For a limited time,
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users <https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>  list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

 





------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge  
This is your chance to win up to $100,000 in prizes! For a limited time, 
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize  
details at: http://p.sf.net/sfu/Challenge

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users