[Snort-users] DOUBLE DECODING ATTACK

Joel Esler joel.esler at ...1935...
Fri Oct 13 06:37:29 EDT 2006


Have you tuned your http_inspect_server lines to accurately reflect  
your http servers?

J


On Oct 13, 2006, at 6:12 AM, Julien VARLET wrote:

> Hi,
>
> I get a lot of DOUBLE DECODING ATTACK when http preprocessor is  
> active, but it is only false positives... I do not want to  
> desactivate http preprocessor. How can I do ?
>
> Thanks.
>
>
> To: snort.user at ...11827...
>     snort-users at lists.sourceforge.net
>     snort-devel at lists.sourceforge.net
>
>
>
> ---------------------------------------------------------------------- 
> ---
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>

+---------------------------------------------------------------------+
joel esler          senior security consultant         1-706-627-2101
Sourcefire    Security for the /Real/ World -- http://www.sourcefire.com
        Snort - Open Source Network IPS/IDS -- http://www.snort.org
          gpg key: http://demo.sourcefire.com/jesler.pgp.key
            aim:eslerjoel  ymsg:eslerjoel gtalk:eslerj
+---------------------------------------------------------------------+






More information about the Snort-users mailing list