Snort mailing list archives
spp_http_decode
From: niko () digitalenigma com
Date: Mon, 2 Jul 2001 14:16:29 -0400 (EDT)
I am getting many, many spp_http_decode (IIS Unicode attack detected & CGI Null Byte attack detected). I know how to rid myself of these alerts by adding: preprocessor http_decode: 80 8080 -unicode -cginull However, I am relectant to do this because I am not 100% sure what I am doing in this respect. By disabling this feature, will I now miss any "real alerts"? What are my options to minimize the amount of false alerts without compromising security? Again, any info or suggestions are greatly apprteciated. Thanks, Bryan _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- spp_http_decode niko (Jul 02)
- Re: spp_http_decode Blake Frantz (Jul 02)
- using snort without an IP Addy Frontgate Lab (Jul 02)
- Re: using snort without an IP Addy Blake Frantz (Jul 02)
- Re: using snort without an IP Addy Frontgate Lab (Jul 02)
- Re: using snort without an IP Addy Blake Frantz (Jul 02)
- Re: using snort without an IP Addy Blake Frantz (Jul 02)
- Re: spp_http_decode Vitaly Osipov (Jul 03)