[Snort-users] (no subject)
kenneth.trimmer at ...12179...
Mon Aug 2 10:35:05 EDT 2004
I just upgraded to the current version of Snort. Now, I am getting multiple
Http_Inspect Alerts. Most of the payloads look like normal web traffic. My
previous version of snort didn't have the HTTP_Insepct Preprocessor. So, I
am a little confused on the importance of the Http_Inspect and it's
configuration. Here are my questions.
1. Why are there so many alerts on normal traffic?
2. Is this preprocessor necessary?
3. Do I have to configure the preprocessor for every web server we run, or
will the default settings be OK.
4. Is it unwise to turn if off?
I have read through the Documentation from SNORT on this preprocessor and
still can't seem to answer my questions.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users