[Snort-users] http_decode-ignorehosts?

Matt W. kmx at ...1644...
Thu Mar 22 20:15:35 EST 2001


Yup, check out the new CVS code, I wrote a patch for this a little while back

-matt
www.farm9.com

Jeremiah Cruit-Salzberg - HQ wrote:

> I'm new to this list so if this has been asked please excuse me (I looked
> through the archives and FAQ).
>
> Is there a way to do something like the portscan-ignorehosts for http_decode
> (ie: http_decode-ignorehosts)?  I'm having just a huge false positive hit
> showing up as IIS Unicode attack.  It comes from several of my customers who
> use AOL mail and that triggers the response.
>
> Thanks for any help!
>
> --j
>
>                   .&&&&,&&&&.
>                    \  - -  /
>                    (  @ @  )
>    +------------oOOo-(_)-oOOo---+
>    | J Cruit-Salzberg             |
>    | Sr. LAN/WAN Engineer         |
>    | Casey Family Programs        |
>    | j at ...1642...                |
>    +------------------Oooo------+
>               oooO   (   )
>              (   )    ) /
>               \ (    (_/
>                \_)
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list