Snort mailing list archives

Previous By Date Next
Previous By Thread Next

httptunnel catched by snort

From: "s.wun" <s.wun () thales-is com hk>
Date: Wed, 30 Oct 2002 18:07:23 +0800
Dear all,

I heard that snort 1.8.2 can be configured to catch httptunnel with remote
login (eg. telnet thru http tunnel), it should produce the following false
posstive:
      [**] WEB-MISC whisker splice attack [**]
but as far as I known, default rule configuration does not produce the above
signature with snort 1.8.2, it just keep silent. This is same as snort 1.9.

Does anyone know how to configure snort to catch httptunnel with remote
telnet?

Thanks
Sam



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: