Snort mailing list archives
http_inspect message
From: Mario Remy Almeida <mario.almeida () gmail com>
Date: Sun, 18 Sep 2011 21:10:25 +0400
Dear All,
I am new to snort.
I get lots of this message
[119:14:1] (http_inspect) NON-RFC DEFINED CHAR [**] [Classification:
Potentially Bad Traffic] [Priority: 2] {TCP}
Dose it mean I am in kind of DOS attack? can someone give me some tips
if I need to analyze it more or should I block such IPs?
------------------------------------------------------------------------------
BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA
http://p.sf.net/sfu/rim-devcon-copy2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- http_inspect message Mario Remy Almeida (Sep 18)
- Re: http_inspect message Martin Holste (Sep 18)
- Re: http_inspect message Mario Remy Almeida (Sep 18)
- Re: http_inspect message Martin Holste (Sep 18)
- Re: http_inspect message Mario Remy Almeida (Sep 18)
- Re: http_inspect message Martin Holste (Sep 18)
- Re: http_inspect message Jefferson, Shawn (Sep 19)
- Re: http_inspect message Mario Remy Almeida (Sep 18)
- Re: http_inspect message Martin Holste (Sep 18)