Snort mailing list archives

UNKNOWN METHOD


From: "Jorge G. Perez" <jorgep () pa co cu>
Date: Thu, 07 Nov 2013 12:44:31 -0500

Somebody help please:

What is:
11/07-11:21:40.768863  [**] [119:31:1] http_inspect: UNKNOWN METHOD [**] [Classification: Unknown Traffic] [Priority: 3] {TCP}


My http config:

preprocessor http_inspect: global iis_unicode_map unicode.map 1252 \
                            compress_depth 65535 \
                            decompress_depth 65535 \
                            memcap 603979776

preprocessor http_inspect_server: server default \
     http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK \
                    UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK \
                    UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT \
                    SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH \
                    BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS \
                    BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA \
                    RPC_ECHO_DATA } \
     chunk_length 500000 \
     server_flow_depth 0 \
     client_flow_depth 0 \
     post_depth 0 \
     oversize_dir_length 600 \
     max_header_length 0 \
     max_headers 1024 \
     max_spaces 200 \
     small_chunk_length { 10 5 } \
     ports { 80 81 8080 8081 3128 3000 56712 34412 } \
     non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
     enable_cookie \
     extended_response_inspection \
     normalize_utf \
     normalize_headers \
     normalize_cookies \
     normalize_javascript \
     apache_whitespace no \
     ascii no \
     bare_byte no \
     directory no \
     double_decode no \
     iis_backslash no \
     iis_delimiter no \
     iis_unicode no \
     multi_slash no \
     utf_8 no \
     u_encode yes \
     webroot no \
     enable_xff


