[Snort-users] http_inspect: UNKNOWN METHOD

Greg Williams gwillia5 at ...15920...
Tue Dec 11 13:16:32 EST 2012


I updated the rules (free VRT) last Friday and didn't look at the alerts until today.  I've received 158,000 alerts for http_inspect: UNKNOWN METHOD.  SID is 119-31. alert ( msg: "HI_CLIENT_UNKNOWN_METHOD"; sid: 31; gid: 119; rev: 1; metadata: rule-type preproc ; classtype:unknown; )

I don't see a reason for this, and I can put a threshold on this rule, but is anyone else seeing the same kind of alerts within the past few days?

Greg Williams
IT Security Principal
University of Colorado at Colorado Springs
Phone: 719-255-3211
Website: http://www.uccs.edu/itsecure
greg.williams at ...15920...<mailto:greg.williams at ...15920...>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121211/fb7b5b41/attachment.html>


More information about the Snort-users mailing list