[Snort-users] what triggers these?
lists at ...9778...
Wed Oct 12 06:08:30 EDT 2005
Am Dienstag, den 11.10.2005, 09:26 -0400 schrieb Kretzer, Jason R (Big
> [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
This is caused by the http_inspect preprocessor. This preprocessor
analyzes at least part of your HTTP traffic. It found a uri in an http
request where the directory string was longer than the maximum
> [**] [1:1416:9] SNMP broadcast trap [**]
Your printer is configured to send out SNMP Broadcast Traps. If you do
not use any software that listens to SNMP Traps I would advise disabling
it. If you do, you might want to remove Signature 1416 in Snort
alert udp any any -> 255.255.255.255 162 (msg:"SNMP broadcast trap";
reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132;
classtype:attempted-recon; sid:1416; rev:9;)
> The first is coming from the outside world, the second is coming from
> a network printer. Are these anything to be really worried about?
Well depending on the value you used for oversize_dir_length and your
webserver it might be normal or unusual.
OpenSource Training http://www.opensource-training.de
Webereistr. 1 48565 Steinfurt Germany
More information about the Snort-users