Snort mailing list archives
Re: http_inspect
From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Tue, 10 Nov 2009 12:43:49 -0700
Thanks, I guess I missed that in the docs!

Shawn

-----Original Message-----
From: Jason Wallace [mailto:jason.r.wallace () gmail com]
Sent: Tuesday, November 10, 2009 11:42 AM
To: Jefferson, Shawn
Cc: Snort Users List
Subject: Re: [Snort-users] http_inspect

Per the docs...

IMPORTANT: The 'yes/no' argument does not specify whether the configuration option itself is on or off, only the alerting functionality.

On Tue, Nov 10, 2009 at 1:32 PM, Jefferson, Shawn <Shawn.Jefferson () bcferries com> wrote:

Hi,

I'm looking at tuning the http_inspect pre-processor, specifically some of the false positives I get from this. My question is, if you set some of these options:

    u_encode no
    bare_byte no
    iis_unicode no
    double_decode no

Will that affect the ability for snort to process some of the http specific rules in the ruleset? Does it affect the normalization of http traffic, or just turn off these specific alerts?

--
Shawn

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- http_inspect Jefferson, Shawn (Nov 10)
- Re: http_inspect Jason Wallace (Nov 10)
- Re: http_inspect Jefferson, Shawn (Nov 10)
- Re: http_inspect Jason Wallace (Nov 10)