[Snort-users] Not feeling the LOVE
bkeepper at ...4822...
Mon Mar 4 10:57:47 EST 2002
I have posted several times all over webdom and have not recieved a
single reply to this question:
"I posted this to the snort users list. No replies. I don't think it is
a stupid question and it is not covered in the documentation.
I am getting a lot of spp_unidecode (mostly CGI null byte attack)false
postives originating from my firewall NAT address going ONLY to specific
web sites (ingrammicro and compaq to be specific).
How can I eliminate these false positives. Obviously normal rule
modifications won't work because this is a preprocessor.
ANY help would be appreciated."
If everybody is ignoring because this is covered in the documentation,
please be helpful and point me to spot.
I can't believe I am the only having this issue.
Once again, any help (or thoughts would be appreciated),
More information about the Snort-users