Snort mailing list archives

http_inspect: UNKNOWN METHOD

From: Greg Williams <gwillia5 () uccs edu>
Date: Tue, 11 Dec 2012 18:16:32 +0000

I updated the rules (free VRT) last Friday and didn't look at the alerts until today.  I've received 158,000 alerts for 
http_inspect: UNKNOWN METHOD.  SID is 119-31. alert ( msg: "HI_CLIENT_UNKNOWN_METHOD"; sid: 31; gid: 119; rev: 1; 
metadata: rule-type preproc ; classtype:unknown; )

I don't see a reason for this, and I can put a threshold on this rule, but is anyone else seeing the same kind of 
alerts within the past few days?

Greg Williams
IT Security Principal
University of Colorado at Colorado Springs
Phone: 719-255-3211
Website: http://www.uccs.edu/itsecure
greg.williams () uccs edu<mailto:greg.williams () uccs edu>

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

http_inspect: UNKNOWN METHOD Greg Williams (Dec 11)
- Re: http_inspect: UNKNOWN METHOD Jeremy Hoel (Dec 11)
  - Re: http_inspect: UNKNOWN METHOD Greg Williams (Dec 11)
    - Re: http_inspect: UNKNOWN METHOD Matt Watchinski (Dec 11)
    - Re: http_inspect: UNKNOWN METHOD Greg Williams (Dec 11)
    - Re: http_inspect: UNKNOWN METHOD Nick Randolph (Dec 14)