Snort mailing list archives
http_inspect tuning issue
From: "Castle, Shane" <scastle () bouldercounty org>
Date: Mon, 2 Jul 2012 22:53:50 +0000
I am getting thousands of 120:8 alerts (http_inspect: MESSAGE WITH INVALID CONTENT-LENGTH OR CHUNK SIZE) and I can't figure out how to tune http_inspect so that they aren't triggered. Any info on this would be appreciated. Yes, I've read README:http_inspect. And then I read it again. It provided no insights. Snort details: Version 2.9.2.2 IPv6 GRE (Build 121) Using libpcap version 1.2.1 Using PCRE version: 8.12 2011-01-15 Using ZLIB version: 1.2.3.4 -- Shane Castle Data Security Mgr, Boulder County IT CISSP GSEC GCIH ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- http_inspect tuning issue Castle, Shane (Jul 02)
- Re: http_inspect tuning issue waldo kitty (Jul 02)
- Re: http_inspect tuning issue Castle, Shane (Jul 03)
- Re: http_inspect tuning issue Joel Esler (Jul 03)
- Re: http_inspect tuning issue waldo kitty (Jul 03)
- Re: http_inspect tuning issue Sunny James Fugate (Jul 03)
- Re: http_inspect tuning issue Joel Esler (Jul 04)
- Re: http_inspect tuning issue Castle, Shane (Jul 03)
- Re: http_inspect tuning issue waldo kitty (Jul 02)
- <Possible follow-ups>
- Re: http_inspect tuning issue Lay, James (Jul 03)
- Re: http_inspect tuning issue Castle, Shane (Jul 03)