[Snort-devel] question about http false positive ...

fde fde at ...1415...
Mon Aug 12 00:56:03 EDT 2002


I have a question on the HTTP protocol:

Does there exist in Snort a means of filtering HTTP headers? YES!

But is there a means of collecting the response of the server?

And of determining whether the request relates to the server?
(like NFR)

example clt : GET /rdo HTTP/1.0
example srv : HTTP/1.1 404 Not found ....

If it is said that the request is an attack,
one can say that it is less significant because the server answered well ...

Best Regards.
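
The correlation asked about in the message above, pairing a flagged request with the server's status line and lowering the alert priority on a 404, as an added example that is not part of the original post and is not Snort code. The `/rdo` signature, the severity labels, and the handling of statuses other than 404 are assumptions made for illustration.

```python
import re

# Constructed sample traffic: one (client bytes, server bytes) pair per connection.
SAMPLE_FLOWS = [
    (b"GET /rdo HTTP/1.0\r\n\r\n", b"HTTP/1.1 404 Not found\r\n\r\n"),
    (b"GET /rdo HTTP/1.0\r\nHost: a\r\n\r\n", b"HTTP/1.1 200 OK\r\n\r\nbody"),
    (b"GET /index.html HTTP/1.0\r\n\r\n", b"HTTP/1.1 200 OK\r\n\r\n"),
    (b"GET /rdo HTTP/1.0\r\n\r\n", b""),  # response never captured
]

# Hypothetical signature: the URI from the post's example request.
SIGNATURE = re.compile(rb"^/rdo(?:[/?]|$)")
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/\d\.\d\r?\n")
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d (\d{3})\b")


def parse_request_uri(data):
    """Return the URI from the request line, or None if it does not parse."""
    m = REQUEST_LINE.match(data)
    return m.group(2) if m else None


def parse_status(data):
    """Return the numeric status code from the response, or None."""
    m = STATUS_LINE.match(data)
    return int(m.group(1)) if m else None


def triage(request, response):
    """Return (severity, uri, status) for a flagged request, else None."""
    uri = parse_request_uri(request)
    if uri is None or not SIGNATURE.search(uri):
        return None                      # signature did not fire
    status = parse_status(response)
    if status is None:
        return ("high", uri, status)     # outcome unknown: do not downgrade
    if 400 <= status < 500:
        return ("low", uri, status)      # server refused, e.g. 404 Not found
    if status >= 500:
        return ("medium", uri, status)   # assumption: server error needs a look
    return ("high", uri, status)         # request was served


if __name__ == "__main__":
    for req, resp in SAMPLE_FLOWS:
        print(triage(req, resp))
```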
