[Snort-users] Problem with http_inspect and Basic Authentication rule

andreas andi at ...15330...
Mon Jul 4 11:43:56 EDT 2011


On 07/04/2011 04:37 PM, Joel Esler wrote:
> Try 2.9.1 beta. 

I will,
but i also found out that setting client_flow_depth to 1460 (or at least
over the default 300 value) results in the alert.
Is this default value with 300 set for better performance? The problem
with a low value is the issue i mentioned. The HTTP Request may be a
little bit longer and snort doesn't log the request.
But it may be that this is the intention for the default value to
increase performance and to accept some rules to fail.

I will report if i can see any differences with the beta.

thanks so far

Andi++





More information about the Snort-users mailing list