Snort mailing list archives

Re: snort http_inspect

From: Jeremy Hewlett <jh () sourcefire com>
Date: Tue, 11 May 2004 14:24:44 -0400

On Tue, May 11, nyarlathothep () libero it wrote:

Hello everyone,
I have a question about the use of the Snorts preprocessors:
I've installed Snort on  a Linux box and I've tried from outside to do a APACHE
CHUNKED ENCODE (Bugtraq ID: 5033, CVE:).
Snort records in the database only the http_inspect data, so :  (http_inspect)
OVERSIZE CHUNK ENCODING
but it dsnt activate the rules, one of those I think:


This sounds like you've stumbled on a known issue. What version are
you using? Snort 2.1.2+ has this fix.




-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

snort http_inspect nyarlathothep () libero it (May 11)
- Re: snort http_inspect sgt_b (May 11)
- Re: snort http_inspect Jeremy Hewlett (May 11)
  - Re: snort http_inspect alerts still flooding on snort 2.1.2.... Snortty (May 21)