[Snort-users] snort http_inspect alerts still flooding on snort 2.1.2....

Snortty cwcwcwg at ...131...
Fri May 21 05:50:03 EDT 2004


Jeremy and All, 

I was running snort 2.1.1 on Solaris 8, it kicked off
1k+ http_inspect alerts each day, I thought upgrading
to 2.1.2 would fix this problem according to the message
below.

I never saw any of http_inspect alerts when running
snort 2.0.6. 

I upgraded my snort to Version 2.1.2 (Build 25), it
still shows more than 1k http_inspect related events
in the alert file in 10 hours, is it real? How to tune
it down, or stop it since it's NOT from a rule file?

Any best suggestions to handle it will be much
appreciated.

Thanks in advance!
Sn W. 


--- Jeremy Hewlett <jh at ...1935...> wrote:
> On Tue, May 11, nyarlathothep at ...2470... wrote:
> > Hello everyone,
> > I have a question about the use of the Snort preprocessors:
> > I've installed Snort on a Linux box and I've tried from outside to do an APACHE
> > CHUNKED ENCODE (Bugtraq ID: 5033, CVE:).
> > Snort records in the database only the http_inspect data, so: (http_inspect)
> > OVERSIZE CHUNK ENCODING
> > but it doesn't activate the rules, one of those I think:
>
> This sounds like you've stumbled on a known issue. What version are
> you using? Snort 2.1.2+ has this fix.