Snort mailing list archives

Re: UNKNOWN METHOD


From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 07 Nov 2013 13:50:17 -0500

On 11/7/2013 12:44 PM, Jorge G. Perez wrote:

preprocessor http_inspect_server: server default \
      http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK \
                     UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK \
                     UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT \
                     SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH \
                     BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS \
                     BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA \
                     RPC_ECHO_DATA } \

some googling finds a message from Matt Watchinski on 11 DEC 2012 that says that 
any http methods not in the list will cause an alert... this says that you are 
getting http requests for something else than the above as the method... you 
need to find the snort.log.xxxxxxxxxx file with this pcap part and inspect it to 
see what method is being used in the request... wireshark or some other pcap 
tool should come in handy to show you the details of the request...

here's the link to the post i found... matt's post is the 4th one...
https://groups.google.com/forum/#!topic/mailing.unix.snort/Yzdp8-ggDBw

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
