[Snort-users] no alert in http tunnel

SW samwun at ...6596...
Thu Oct 31 04:00:02 EST 2002


 Dear all,
 
 I heard that snort 1.8.2 can be configured to catch
 httptunnel with remote
 login (eg. telnet thru http tunnel), it should produce
 the following false
 posstive:
       [**] WEB-MISC whisker splice attack [**]
 but as far as I known, default rule configuration does
 not produce the above
 signature with snort 1.8.2, it just keep silent. This
 is same as snort 1.9.

 Does anyone know how to configure snort to catch
 httptunnel with remote
 telnet?
 
 Thanks
 Sam
 



More information about the Snort-users mailing list