Snort mailing list archives
http_inspect: UNKNOWN METHOD
From: Greg Williams <gwillia5 () uccs edu>
Date: Tue, 11 Dec 2012 18:16:32 +0000
I updated the rules (free VRT) last Friday and didn't look at the alerts until today. I've received 158,000 alerts for http_inspect: UNKNOWN METHOD. SID is 119-31. alert ( msg: "HI_CLIENT_UNKNOWN_METHOD"; sid: 31; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; ) I don't see a reason for this, and I can put a threshold on this rule, but is anyone else seeing the same kind of alerts within the past few days? Greg Williams IT Security Principal University of Colorado at Colorado Springs Phone: 719-255-3211 Website: http://www.uccs.edu/itsecure greg.williams () uccs edu<mailto:greg.williams () uccs edu>
------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- http_inspect: UNKNOWN METHOD Greg Williams (Dec 11)
- Re: http_inspect: UNKNOWN METHOD Jeremy Hoel (Dec 11)
- Re: http_inspect: UNKNOWN METHOD Greg Williams (Dec 11)
- Re: http_inspect: UNKNOWN METHOD Matt Watchinski (Dec 11)
- Re: http_inspect: UNKNOWN METHOD Greg Williams (Dec 11)
- Re: http_inspect: UNKNOWN METHOD Nick Randolph (Dec 14)
- Re: http_inspect: UNKNOWN METHOD Greg Williams (Dec 11)
- Re: http_inspect: UNKNOWN METHOD Jeremy Hoel (Dec 11)