[Snort-users] (no subject)

Kenneth Trimmmer kenneth.trimmer at ...12179...
Mon Aug 2 10:35:05 EDT 2004


I just upgraded to the current version of Snort. Now, I am getting multiple
Http_Inspect Alerts. Most of the payloads look like normal web traffic. My
previous version of snort didn't have the HTTP_Insepct Preprocessor. So, I
am a little confused on the importance of the Http_Inspect and it's
configuration.  Here are my questions. 

1. Why are there so many alerts on normal traffic?

2. Is this preprocessor necessary?

3. Do I have to configure the preprocessor for every web server we run, or
will the default settings be OK. 

4. Is it unwise to turn if off?

 

I have read through the Documentation from SNORT on this preprocessor and
still can't seem to answer my questions. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040802/ef788eca/attachment.html>


More information about the Snort-users mailing list