[Snort-users] snort http_inspect

Jeremy Hewlett jh at ...1935...
Tue May 11 11:25:08 EDT 2004


On Tue, May 11, nyarlathothep at ...2470... wrote:
> Hello everyone,
> I have a question about the use of the Snorts preprocessors:
> I've installed Snort on  a Linux box and I've tried from outside to do a APACHE
> CHUNKED ENCODE (Bugtraq ID: 5033, CVE:).
> Snort records in the database only the http_inspect data, so :  (http_inspect)
> OVERSIZE CHUNK ENCODING
> but it dsnt activate the rules, one of those I think:

This sounds like you've stumbled on a known issue. What version are
you using? Snort 2.1.2+ has this fix.






More information about the Snort-users mailing list