[Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request -- 2001674
r.fulton at ...575...
Wed Apr 6 17:31:37 EDT 2005
On Wed, 2005-04-06 at 18:37 -0500, Matt Jonkman wrote:
> How do you have HTTP_SERVERS defined? If that's not any, or is set to
> HOME_NET then these falses won't happen.
Thanks Matt, of course, silly me.
Being a university site, we use snort to detect outgoing 'attacks' as
well as incoming so both $home_net and $external_net are set to any.
I'll just have to disable this rule in our context -- hmmm... or get
Oinkmaster to change the destination.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2201 bytes
Desc: not available
More information about the Snort-sigs