[Snort-users] Looking for info re: snort rules hard coded i.e.[119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING

Brian bmc at ...950...
Fri Aug 27 13:35:16 EDT 2004


On Thu, Aug 26, 2004 at 10:37:35AM -0500, Bruce L. Donlin wrote:
> Is there an easy way of getting information regarding the alerts
> generated by snort, but not documented in the snort signature database?
>  
> Examples:
>  [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING 

http://www.snort.org/snort-db/sid.html?sid=119:16

>  [119:4:1] (http_inspect) BARE BYTE UNICODE ENCODING 

http://www.snort.org/snort-db/sid.html?sid=119:4

>  [119:2:1] (http_inspect) DOUBLE DECODING ATTACK 

http://www.snort.org/snort-db/sid.html?sid=119:2

-b




More information about the Snort-users mailing list