Snort mailing list archives

Preprocessors


From: Rob Ward <rob.ward () liverpool ac uk>
Date: Fri, 07 Apr 2006 11:05:35 +0100

I've also posted this on the forum so apologies for the cross posting. Can anyone offer some general advice on how to go about dealing with alerts generated by preprocessors? Alerts generated by rules seem to be easier to deal with as I can reference a specific vulnerability/exploit and take it from there.

Also I'm being swamped by http_inspect alerts and I'm pretty sure 99% if not more of these are false positives. How do you determine the gen/sig id of preprocessor alerts for thresholding?

Regards

Rob Ward
University of Liverpool
Computing Services Department


