Snort mailing list archives

Re: Question: Snort-Alerts do not fire when traffic goesthru proxy

From: Victor Roemer <viroemer () cisco com>
Date: Fri, 27 Mar 2015 14:29:35 -0400

Claus,

Is your proxy injecting additional headers into the HTTP traffic? (usualsuspect). Try bumping the "server_flow_depth" and "client_flow_depth"values in your Snort configuration.


On 03/23/15 10:07, Claus Regelmann wrote:

Message was discarded by filter '\Custom\Strong\PHP' on line 2

Envelope (RCP file content):
Message-ID: B0439260505 () spam1 mmcdmz mehealth org
Return-path: snort-users-bounces () lists sourceforge net
Received-From-MTA: lists.sourceforge.net (unverified [216.34.181.88])
Arrival-Date: 1426729877 (Wed, 18 Mar 2015 21:51:17 -0400)
Origin-IP: 216.34.181.88
X-Modus-WasEncrypted: YES
X-Modus-BlackList: 216.34.181.88=OK;snort-users-bounces () lists sourceforge net=OK
X-Modus-RBL: 216.34.181.88=OK
X-Modus-Trusted: 216.34.181.88=NO
X-Modus-Audit: TRUE;5;-28051960418533861;130716210777740000
X-CustID: 687
X-Modus-BuildNumber: 214.18364
DomainKey-Status: 0
Resolved-Return-path: snort-users-bounces () lists sourceforge net
X-Modus-BATV: OFF
X-Modus-SRSRBL: OK
X-Sender-Origin: EXTERNAL

Recipient: brownr () mmc org
Original-Address: brownr () mmc org
Dsn-Original-Recipient: rfc822;brownr () mmc org
Local-Status: Incoming



------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the
conversation now. http://goparallel.sourceforge.net/


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Question: Snort-Alerts do not fire when traffic goesthru proxy Claus Regelmann (Mar 23)
- Re: Question: Snort-Alerts do not fire when traffic goesthru proxy Victor Roemer (Mar 27)