Snort mailing list archives
Re: http_inspect
From: Jason Wallace <jason.r.wallace () gmail com>
Date: Tue, 10 Nov 2009 14:42:17 -0500
Per the docs... IMPORTANT: The 'yes/no' argument does not specify whether the configuration option itself is on or off, only the alerting functionality. On Tue, Nov 10, 2009 at 1:32 PM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:
Hi, I’m looking at tuning the http_inspect pre-processor, specifically some of the false positives I get from this. My question is, if you set some of these options: u_encode no bare_byte no iis_unicode no double_decode no Will that affect the ability for snort to process some of the http specific rules in the ruleset? Does it affect the normalization of http traffic, or just turn off these specific alerts? -- Shawn ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- http_inspect Jefferson, Shawn (Nov 10)
- Re: http_inspect Jason Wallace (Nov 10)
- Re: http_inspect Jefferson, Shawn (Nov 10)
- Re: http_inspect Jason Wallace (Nov 10)