[Snort-users] no alert in http tunnel

SW samwun at ...6596...
Thu Oct 31 04:00:02 EST 2002

 Dear all,
 I heard that snort 1.8.2 can be configured to catch
 httptunnel with remote
 login (eg. telnet thru http tunnel), it should produce
 the following false
       [**] WEB-MISC whisker splice attack [**]
 but as far as I known, default rule configuration does
 not produce the above
 signature with snort 1.8.2, it just keep silent. This
 is same as snort 1.9.

 Does anyone know how to configure snort to catch
 httptunnel with remote

More information about the Snort-users mailing list