[Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request -- 2001674

Russell Fulton r.fulton at ...575...
Wed Apr 6 17:31:37 EDT 2005


On Wed, 2005-04-06 at 18:37 -0500, Matt Jonkman wrote:
> How do you have HTTP_SERVERS defined? If that's not any, or is set to 
> HOME_NET then these falses won't happen.

Thanks Matt, of course, silly me.

Being a university site, we use snort to detect outgoing 'attacks' as
well as incoming so both $home_net and $external_net are set to any.

I'll just have to disable this rule in our context -- hmmm... or get
Oinkmaster to change the destination.

Cheers, Russell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2201 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20050406/c7eb770d/attachment.bin>


More information about the Snort-sigs mailing list