[Snort-users] (http\_inspect) NON-RFC DEFINED CHAR
jeff-kell at ...6282...
Tue Dec 30 08:42:01 EST 2003
CMartin at ...9696... wrote:
> Well, I checked out what I could. Non-RFP Defined CHAR is a warning that
> the new http_inspect gives you. Quote from manual: "For instance, a user
> may not want to see NULL bytes in the request-URI" (also known as URL) "and
> we can give an alert on that." In the http_inspect configuration you can
> define what characters to look for. Also you can tell the http inspect
> processor to alert when this (and other http_inspect warnings) occur.
> I suggest checking out the new documentation for snort 2.1.0.. VERY
> interesting and awesome new features added with snort2.1.0!
I'm getting loads of these, as well as double-decode warnings from
people using hotmail. I don't want to have to make config entries for
all of the hotmail servers... also NON-RFC Delimiter errors in P2P
traffic. I would prefer that it only look at URIs from $EXTERNAL_NET.
More information about the Snort-users