Snort mailing list archives

(http_inspect) NON-RFC HTTP DELIMITER

From: Peggy Kam <ppkam () n-dsi com>
Date: Mon, 01 Mar 2004 15:52:21 -0500

Hi,

Does anyone know which rule triggers the following alert?

[**] [119:13:1] (http_inspect) NON-RFC HTTP DELIMITER [**]

03/01-15:36:12.922251 0:A:E6:89:42:65 -> 0:40:F4:6B:59:55 type:0x800len:0x5E192.168.22.30:4497 -> 192.168.22.205:80 TCP TTL:128 TOS:0x0 ID:57615IpLen:20 DgmLen:80 DF

***AP*** Seq: 0x6D579DE1  Ack: 0x83A999D7  Win: 0x4470  TcpLen: 20


I do not seem to find the rule anywhere that triggers that.

Thanks in advance,
Peggy



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

SNORT has memory leak on Linux Red hat 9 Kumar, Manoj (Feb 27)
- Re: [Snort-devel] SNORT has memory leak on Linux Red hat 9 Ian Macdonald (Feb 27)
- Re: SNORT has memory leak on Linux Red hat 9 ypwhich (Feb 27)
  - Re: SNORT has memory leak on Linux Red hat 9 twig les (Feb 27)
- <Possible follow-ups>
- RE: SNORT has memory leak on Linux Red hat 9 SN ORT (Mar 01)
  - (http_inspect) NON-RFC HTTP DELIMITER Peggy Kam (Mar 01)