Snort mailing list archives

Previous By Date Next
Previous By Thread Next

http_inspect tuning issue

From: "Castle, Shane" <scastle () bouldercounty org>
Date: Mon, 2 Jul 2012 22:53:50 +0000
I am getting thousands of 120:8 alerts (http_inspect: MESSAGE WITH INVALID CONTENT-LENGTH OR CHUNK SIZE) and I can't 
figure out how to tune http_inspect so that they aren't triggered. Any info on this would be appreciated.

Yes, I've read README:http_inspect. And then I read it again. It provided no insights. 

Snort details:
Version 2.9.2.2 IPv6 GRE (Build 121)
Using libpcap version 1.2.1
Using PCRE version: 8.12 2011-01-15
Using ZLIB version: 1.2.3.4

-- 
Shane Castle
Data Security Mgr, Boulder County IT
CISSP GSEC GCIH



------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: