[Snort-users] help with file bpf and ip 0.0.0.0
hernani_coelho at ...4664...
Wed Jan 20 13:10:51 EST 2016
On 20-01-2016 17:55, wkitty42 at ...14940... wrote:
> On 01/20/2016 12:03 PM, hernani coelho wrote:
>> now i see if i search an web page snort give me alerts like this -->
>> [snort <http://www.snort.org/search/sid/119-15>] http_inspect: OVERSIZE
>> REQUEST-URI DIRECTORY 2016-01-20 16:59:34 192.168.1.66
>> is safe to ignore port 80??
> IMHO, absolutely not...
> if you are getting oversize reports like that, you can increase the size of your
> oversize_dir_length setting in the http_inspect preprocessor section of your
> snort.conf file... we use 750 here but you may need a larger or smaller value
> depending on the traffic on your network...
i have removed 0.0.0.0 from home net
now how can i stop alerts from ip dst 0.0.0.0
More information about the Snort-users