[Snort-users] UNKNOWN METHOD

Jorge G. Perez jorgep at ...10896...
Thu Nov 7 12:44:31 EST 2013


some body help pleace:

what is:
11/07-11:21:40.768863  [**] [119:31:1] http_inspect: UNKNOWN METHOD [**] 
[Classification: Unknown Traffic] [Priority: 3] {TCP}


my config http:

preprocessor http_inspect: global iis_unicode_map unicode.map 1252 \
                            compress_depth 65535 \
                            decompress_depth 65535 \
                            memcap 603979776

preprocessor http_inspect_server: server default \

     http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK \
                    UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK \
                    UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT \
                    SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH \
                    BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS \
                    BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA 
RPC_ECHO_DATA } \

     chunk_length 500000 \
     server_flow_depth 0 \
     client_flow_depth 0 \
     post_depth 0 \
     oversize_dir_length 600 \
     max_header_length 0 \
     max_headers 1024 \
     max_spaces 200 \
     small_chunk_length { 10 5 } \
     ports { 80 81 8080 8081 3128 3000 56712 34412 } \
     non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
     enable_cookie \
     extended_response_inspection \
     normalize_utf \
     normalize_headers \
     normalize_cookies \
     normalize_javascript \
     apache_whitespace no \
     ascii no \
     bare_byte no \
     directory no \
     double_decode no \
     iis_backslash no \
     iis_delimiter no \
     iis_unicode no \
     multi_slash no \
     utf_8 no \
     u_encode yes \
     webroot no \
     enable_xff






More information about the Snort-users mailing list