[Snort-sigs] False positive with Nagios check_http

Carsten Schmitz cs-list-ids at ...2986...
Mon Feb 7 02:53:50 EST 2005


Hi fellow Snort-Users.

I keep getting the alert below from the office box running Nagios 1.2
checking my home web site (where Snort lives). Not sure if this is a false
positive, maybe the plugin violates some standard?

Comments welcome.



Rule:

nessus[bugtraq][snort] WEB-MISC Invalid HTTP Version String

--
Sid:

sid:2570; rev:7

--
Summary:

False positive from Nagios check_http

--
Impact:

--
Detailed Information:

 length = 97

000 : 47 45 54 20 2F 20 48 54 54 50 2F 31 2E 30 0D 0A   GET / HTTP/1.0..
010 : 55 73 65 72 2D 41 67 65 6E 74 3A 20 63 68 65 63   User-Agent: chec
020 : 6B 5F 68 74 74 70 2F 31 2E 35 34 20 28 6E 61 67   k_http/1.54 (nag
030 : 69 6F 73 2D 70 6C 75 67 69 6E 73 20 31 2E 34 2E   ios-plugins 1.4.
040 : 30 61 6C 70 68 61 31 29 0D 0A 48 6F 73 74 3A 20   0alpha1)..Host:
050 : 32 31 33 2E 38 34 2E 31 39 32 2E 37 33 0D 0A 0D   xxx.xx.xxx.xx...
060 : 0A                                                .

--
Affected Systems:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:

--
False Negatives:

--
Corrective Action:

--
Contributors:

-- 
Additional References:


Regards

Carsten

-- My password is my cats name. Its called %§3u/z=hj(e. I rename it every
30 days.





More information about the Snort-sigs mailing list