[Snort-users] http_decode-ignorehosts?

Jeremiah Cruit-Salzberg - HQ J at ...1642...
Thu Mar 22 17:53:03 EST 2001


I'm new to this list so if this has been asked please excuse me (I looked
through the archives and FAQ).

Is there a way to do something like the portscan-ignorehosts for http_decode
(i.e., http_decode-ignorehosts)? I'm having just a huge false positive hit
showing up as an IIS Unicode attack. It comes from several of my customers who
use AOL mail and that triggers the response.

Thanks for any help!

--j


                  .&&&&,&&&&.
                   \  - -  /
                   (  @ @  )
   +------------oOOo-(_)-oOOo---+
   | J Cruit-Salzberg     	  |
   | Sr. LAN/WAN Engineer 	  |
   | Casey Family Programs	  |
   | j at ...1642...                |
   +------------------Oooo------+
              oooO   (   )
             (   )    ) /
              \ (    (_/
               \_)





