Snort mailing list archives
Re: UNKNOWN METHOD
From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 07 Nov 2013 13:50:17 -0500
On 11/7/2013 12:44 PM, Jorge G. Perez wrote:
    preprocessor http_inspect_server: server default \
        http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK \
        UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK \
        UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT \
        SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH \
        BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS \
        BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \
some googling finds a message from Matt Watchinski on 11 DEC 2012 that says that any http methods not in the list will cause an alert... this says that you are getting http requests for something else than the above as the method... you need to find the snort.log.xxxxxxxxxx file with this pcap part and inspect it to see what method is being used in the request... wireshark or some other pcap tool should come in handy to show you the details of the request...

here's the link to the post i found... matt's post is the 4th one...

https://groups.google.com/forum/#!topic/mailing.unix.snort/Yzdp8-ggDBw

--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.