Snort mailing list archives
Re-2: your mail
From: "Julien VARLET" <jvarlet () aressi fr>
Date: Wed, 18 Oct 2006 15:47:22 +0000
no -------- Original Message -------- Subject: Re: [Snort-users] your mail (18-oct.-2006 17:33) From: Phil Wood <cpw () lanl gov> To: jvarlet () aressi fr
Could it be that your users are attacking websites? On Wed, Oct 18, 2006 at 03:19:51PM +0000, Julien VARLET wrote:I have these problems when my users browse websites, so I cannot tunned it. -------- Original Message -------- Subject: Re: [Snort-users] DOUBLE DECODING ATTACK (13-oct.-2006 12:46) From: Joel Esler <joel.esler () sourcefire com> To: jvarlet () aressi frHave you tuned your http_inspect_server lines to accurately reflect your http servers? J On Oct 13, 2006, at 6:12 AM, Julien VARLET wrote:Hi, I get a lot of DOUBLE DECODING ATTACK when http preprocessor is active, but it is only false positives... I do not want to desactivate http preprocessor. How can I do ? Thanks. To: snort.user () gmail com snort-users () lists sourceforge net snort-devel () lists sourceforge net ---------------------------------------------------------------------- --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel? cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users+---------------------------------------------------------------------+ joel esler senior security consultant 1-706-627-2101 Sourcefire Security for the /Real/ World -- http://www.sourcefire.com Snort - Open Source Network IPS/IDS -- http://www.snort.org gpg key: http://demo.sourcefire.com/jesler.pgp.key aim:eslerjoel ymsg:eslerjoel gtalk:eslerj +---------------------------------------------------------------------+ ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Phil Wood (cpw_at-sign_lanl.gov) ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
To: cpw () lanl gov Cc: snort-users () lists sourceforge net ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re-2: your mail Julien VARLET (Oct 18)