[Snort-users] snort http_inspect alerts still flooding on snort 2.1.2....
cwcwcwg at ...131...
Fri May 21 05:50:03 EDT 2004
Jeremy and All,
I was running snort 2.1.1 on Solaris 8, it kicked off
1k+ http_inspect alerts each day, I thought ugrading
to 2.1.2 would fix this problem according to message
I never saw any of http_inspect alerts when running
I upgraded my snort to Version 2.1.2 (Build 25), it
still shows more than 1k http_inspect related events
in the alert file in 10 hours, is it real? how to tune
it down, or stop it since it's NOT from a rule file?
Any best suggestions to handle it will be much
Thanks in advance!
--- Jeremy Hewlett <jh at ...1935...> wrote:
> On Tue, May 11, nyarlathothep at ...2470... wrote:
> > Hello everyone,
> > I have a question about the use of the Snorts
> > I've installed Snort on a Linux box and I've
> tried from outside to do a APACHE
> > CHUNKED ENCODE (Bugtraq ID: 5033, CVE:).
> > Snort records in the database only the
> http_inspect data, so : (http_inspect)
> > OVERSIZE CHUNK ENCODING
> > but it dsnt activate the rules, one of those I
> This sounds like you've stumbled on a known issue.
> What version are
> you using? Snort 2.1.2+ has this fix.
> This SF.Net email is sponsored by Sleepycat Software
> Learn developer strategies Cisco, Motorola, Ericsson
> & Lucent use to
> deliver higher performing products faster, at low
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> Snort-users list archive:
Do you Yahoo!?
Yahoo! Domains Claim yours for only $14.70/year
More information about the Snort-users