Snort mailing list archives
http_inspect message
From: Mario Remy Almeida <mario.almeida () gmail com>
Date: Sun, 18 Sep 2011 21:10:25 +0400
Dear All, I am new to snort. I get lots of this message [119:14:1] (http_inspect) NON-RFC DEFINED CHAR [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} Dose it mean I am in kind of DOS attack? can someone give me some tips if I need to analyze it more or should I block such IPs? ------------------------------------------------------------------------------ BlackBerry® DevCon Americas, Oct. 18-20, San Francisco, CA http://p.sf.net/sfu/rim-devcon-copy2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- http_inspect message Mario Remy Almeida (Sep 18)
- Re: http_inspect message Martin Holste (Sep 18)
- Re: http_inspect message Mario Remy Almeida (Sep 18)
- Re: http_inspect message Martin Holste (Sep 18)
- Re: http_inspect message Mario Remy Almeida (Sep 18)
- Re: http_inspect message Martin Holste (Sep 18)
- Re: http_inspect message Jefferson, Shawn (Sep 19)
- Re: http_inspect message Mario Remy Almeida (Sep 18)
- Re: http_inspect message Martin Holste (Sep 18)