[Snort-users] DOUBLE DECODING ATTACK
rosa.schwein at ...12989...
Thu Aug 18 10:19:31 EDT 2005
i run snort 2.3.2 on solaris 9
in the logs i see a lot of entries
with text: DOUBLE DECODING ATTACK
nearly all of the entries are generated
by the source ip-adress of my proxy.
so i assume, i didn't setup snort correctly.
in snort.conf i did define variable HOME_NET
and also var EXTERNAL_NET !$HOME_NET
HOME_NET is defined as super-net of 8 c-class ( /21 )
where proxy-ip is included.
i start snort with option -h and my network.
or is there a way to disable this rule ?
More information about the Snort-users