[Snort-users] (http\_inspect) NON-RFC DEFINED CHAR

CMartin at ...9696... CMartin at ...9696...
Tue Dec 30 08:28:15 EST 2003

Well, I checked out what I could.  Non-RFP Defined CHAR is a warning that
the new http_inspect gives you.  Quote from manual: "For instance, a user
may not want to see NULL bytes in the request-URI" (also known as URL) "and
we can give an alert on that."  In the http_inspect configuration you can
define what characters to look for.  Also you can tell the http inspect
processor to alert when this (and other http_inspect warnings) occur.

I suggest checking out the new documentation for snort 2.1.0.. VERY
interesting and awesome new features added with snort2.1.0!



-----Original Message-----
From: Martin Hess [mailto:martin_zh at ...1171...] 
Sent: Tuesday, December 23, 2003 1:29 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] (http\_inspect) NON-RFC DEFINED CHAR


I have just installed Snort 2.1 on FBSD 4.9... but now I receive a lot of 

"(http\_inspect) NON-RFC DEFINED CHAR"

alerts. Does anyone could give me a hint about this?? I'm not shure if I've
specified the right unicode for my http-servers, cause I cannot find the
ms_unicode application!

martin, switzerland

+++ GMX - die erste Adresse für Mail, Message, More +++
Neu: Preissenkung für MMS und FreeMMS! http://www.gmx.net

This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list