Snort mailing list archives
spp_http_decode: CGI Null Byte attack detected
From: nowhere <nowhere () tear com>
Date: Tue, 03 Jul 2001 14:21:01 -0700
I am getting hits for "spp_http_decode: CGI Null Byte attack detected" for traffic to a vendor's web site. I've looked over the packet, and sure enough, the vendor is using a %00 as part of their form data. This traffic is from an internal host to the vendor's site, and I'm sure it's not a hacker. How can I avoid this false positive? A reference that describes the spp stuff would be great too. I'm on Snort-1.7 with the most recent packet rules.

Thanks!
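For triaging an alert like the one in this post, the following added example (not part of the original message and not Snort's own code) lists every place a literal %00 appears in a captured request, so the hit can be compared against the fields the vendor's form is known to send. The function name, the request target and the form body are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote_to_bytes


def _decode(raw):
    # Form encoding uses '+' for a space; decode to bytes so the NUL stays visible.
    return unquote_to_bytes(raw.replace("+", " "))


def locate_encoded_nul(request_target, form_body=""):
    """Return (location, field name, decoded bytes) for each part holding a literal %00.

    location is 'path', 'query' or 'body'; the field name is empty for the path.
    """
    parts = urlsplit(request_target)
    hits = []
    if "%00" in parts.path:
        hits.append(("path", "", unquote_to_bytes(parts.path)))
    for where, raw in (("query", parts.query), ("body", form_body)):
        for pair in filter(None, raw.split("&")):
            name, _, value = pair.partition("=")
            if "%00" in pair:
                hits.append((where, name, _decode(value)))
    return hits


# Constructed sample: a form that uses %00 as a field delimiter.
SAMPLE_TARGET = "/cgi-bin/order.cgi?item=42&notes=a%00b"
SAMPLE_BODY = "name=Widget+Co&delim=%00"

if __name__ == "__main__":
    for where, name, value in locate_encoded_nul(SAMPLE_TARGET, SAMPLE_BODY):
        print(f"{where:5} {name or '-':8} {value!r}")
```

The output only shows where the byte sits; whether that field is expected to carry it is a judgement made against the vendor's form.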