[Snort-users] http_decode preprocessor

Martin Roesch roesch at ...421...
Mon Mar 12 02:03:38 EST 2001


Check out the latest version of Snort from
http://snort.sourceforge.net/snort-daily.tar.gz and try out the new
unidecode preprocessor while disabling UNICODE and NULL attack detection
in http_decode using the -unicode and -null arguments to the http_decode
preprocessor...

   -Marty

Alexandre Florio wrote:
> 
>         How can I set up what I want to http_decode preprocessor to log?
>         I'm running snort fine, but I'm getting too much output about things that
> I know that aren't attacks...
> 
>         For instance:
> 
> -- Mar  7 08:44:15 firewall snort[26748]: spp_http_decode: CGI Null Byte attack detected: <host_on_MY_network>:1807 -> <outside_host>:80
> 
> TIA
> 
> Alexandre Florio
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list