Snort mailing list archives
reducing referrer false-positives
From: Doug White <dwhite () resnet uoregon edu>
Date: Wed, 11 Jul 2001 14:23:25 -0700 (PDT)
Hello, I've gotten snort to look at the data I want (finally) and are running the most recent rev. Now that it's taking the full brunt of our web traffic, it's logging lots of alerts on rule hits for things in the Referrer: field in the HTTP query. Has someone invented a way of deleting the Referrer: data, or only looking at the HTTP query itself to reduce the number of false positives? Doug White | FreeBSD: The Power to Serve dwhite () resnet uoregon edu | www.FreeBSD.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- reducing referrer false-positives Doug White (Jul 11)