Snort mailing list archives

Re: HTTP Inspect with only a GET request.


From: James Lay <digitalx00 () gmail com>
Date: Wed, 22 May 2013 12:09:18 -0600


On May 22, 2013, at 12:03 PM, Joel Esler <jesler () sourcefire com> wrote:

On May 22, 2013, at 1:08 PM, Russ Combs <rcombs () sourcefire com> wrote:
On Wed, May 22, 2013 at 11:27 AM, Shawn Lee <dashawn () gmail com> wrote:
Thanks for the input. That works great on static files. Is there a way to
have this work with snort listening to an interface in IDS mode?

Presently, not without the ACK.

To clarify, this will work if you use the "preprocessor normalize_tcp: ips" directive in your snort.conf.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

Will this work even if you're not running IPS mode? I've always wondered whether to leave the IPS mode jazz in my config or not... thanks Joel.

James
