Snort mailing list archives
Re: RES: Snort - http_inspect
From: Matt Olney <molney () sourcefire com>
Date: Fri, 17 Jul 2009 03:57:25 -0400
What kind of awesomeness did you do to get an http_inspect directory traversal alert on UDP 161 traffic? Or am I missing something?

Matt

On Fri, Jul 17, 2009 at 1:38 AM, Nerijus Krukauskas<nkrukauskas () gmail com> wrote:
> On 2009-07-16, Hugo Leonardo Ferrer Rebello <Hugo.Rebello () t-systems com br> wrote:
> > Could you help to understand gen_id and sig_id from suppress syntax ?
> > I created the rules below, but it's not working.
> >
> > suppress gen_id 119, sig_id 16, track by_src, ip 10.58.xxx.xxx
>
> http_inspect is NOT gen_id 1. From the doc/README.http_inspect:
> "HTTP Inspect used generator ID 119 and 120."
> RTFM! :)
>
> Oh, and http://www.joelesler.net/finshake/The_Snort_Drinking_Game.html. :)
>
> --
> http://nk99.org/
>
> ------------------------------------------------------------------------------
> Enter the BlackBerry Developer Challenge
> This is your chance to win up to $100,000 in prizes! For a limited time,
> vendors submitting new applications to BlackBerry App World(TM) will have
> the opportunity to enter the BlackBerry Developer Challenge. See full prize
> details at: http://p.sf.net/sfu/Challenge
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
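How the gen_id and sig_id in a suppress line relate to the alerts they silence, as an added example that is not part of the thread or of Snort itself: the script reads the `[gen_id:sig_id:rev]` header from fast-format alert lines and writes one suppress line per HTTP Inspect event and tracked address. The function names, sample lines and addresses are constructed for illustration; the generator IDs 119 and 120 are the ones quoted from README.http_inspect above.

```python
import re

# Snort "fast" alert line: "... [**] [gen_id:sig_id:rev] msg [**] ... {PROTO} src[:port] -> dst[:port]"
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
    r"\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)"
)

# Generator IDs the thread quotes for HTTP Inspect; text rules use gen_id 1.
HTTP_INSPECT_GIDS = (119, 120)


def parse_alert(line):
    """Return (gen_id, sig_id, src_ip, dst_ip), or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return int(m["gid"]), int(m["sid"]), m["src"], m["dst"]


def suppress_lines(lines, track="by_src", gen_ids=HTTP_INSPECT_GIDS):
    """Build de-duplicated suppress entries for alerts from the given generators."""
    if track not in ("by_src", "by_dst"):
        raise ValueError("track must be by_src or by_dst")
    seen = set()
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None or parsed[0] not in gen_ids:
            continue  # unparsable line, or an alert from another generator
        gid, sid, src, dst = parsed
        seen.add((gid, sid, src if track == "by_src" else dst))
    return [f"suppress gen_id {g}, sig_id {s}, track {track}, ip {ip}"
            for g, s, ip in sorted(seen)]


# Constructed sample alert lines (not taken from the thread).
SAMPLE = [
    "07/16-14:02:11.120000  [**] [119:16:1] (http_inspect) constructed message [**] [Priority: 3] {TCP} 10.58.0.7:40112 -> 192.0.2.10:80",
    "07/16-14:02:12.450000  [**] [119:16:1] (http_inspect) constructed message [**] [Priority: 3] {TCP} 10.58.0.7:40113 -> 192.0.2.10:80",
    "07/16-14:03:40.000000  [**] [1:1000001:1] constructed text rule [**] [Priority: 2] {TCP} 10.58.0.9:5555 -> 192.0.2.10:80",
    "not an alert line",
]

if __name__ == "__main__":
    print("\n".join(suppress_lines(SAMPLE)))
```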
Current thread:
- Snort - http_inspect Hugo Leonardo Ferrer Rebello (Jul 16)
- Re: Snort - http_inspect JJ Cummings (Jul 16)
- RES: Snort - http_inspect Hugo Leonardo Ferrer Rebello (Jul 16)
- Re: Snort - http_inspect JJ Cummings (Jul 16)
- RES: Snort - http_inspect Hugo Leonardo Ferrer Rebello (Jul 16)
- RES: Snort - http_inspect Hugo Leonardo Ferrer Rebello (Jul 16)
- Re: RES: Snort - http_inspect Nerijus Krukauskas (Jul 16)
- Re: RES: Snort - http_inspect Matt Olney (Jul 17)
- Re: RES: Snort - http_inspect Nerijus Krukauskas (Jul 17)
- Re: RES: Snort - http_inspect Matt Olney (Jul 17)
- RES: RES: Snort - http_inspect Hugo Leonardo Ferrer Rebello (Jul 17)
- Re: RES: Snort - http_inspect Matt Olney (Jul 17)
- RES: RES: Snort - http_inspect Hugo Leonardo Ferrer Rebello (Jul 17)
- RES: Snort - http_inspect Hugo Leonardo Ferrer Rebello (Jul 16)
- Re: Snort - http_inspect JJ Cummings (Jul 16)