Snort mailing list archives

Looking for info re: snort rules hard coded i.e.[119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING

From: "Bruce L. Donlin" <BLDonlin () thebarriergroup com>
Date: Thu, 26 Aug 2004 10:37:35 -0500

Is there an easy way of getting information regarding the alerts
generated by snort, but not documented in the snort signature database?
 
Examples:
 [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING 
 [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING 
 [119:2:1] (http_inspect) DOUBLE DECODING ATTACK 
 
Bruce L. Donlin
The Barrier Group

 

email: BLDonlin () thebarriergroup com
 
Phone Main:  763.422.3776
Fax               763.421.6454

Current thread:

Looking for info re: snort rules hard coded i.e.[119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING Bruce L. Donlin (Aug 27)
- Re: Looking for info re: snort rules hard coded i.e.[119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING Brian (Aug 27)