[Snort-users] help with file bpf and ip

Joel Esler (jesler) jesler at ...589...
Wed Jan 20 16:52:14 EST 2016

On Jan 20, 2016, at 1:10 PM, hernani coelho <hernani_coelho at ...4664...<mailto:hernani_coelho at ...4664...>> wrote:

On 20-01-2016 17:55, wkitty42 at ...14940...<mailto:wkitty42 at ...14940...> wrote:
On 01/20/2016 12:03 PM, hernani coelho wrote:
now i see if i search an web page snort give me alerts like this -->

[snort <http://www.snort.org/search/sid/119-15>] http_inspect: OVERSIZE
REQUEST-URI DIRECTORY 2016-01-20 16:59:34

is safe to ignore port 80??
IMHO, absolutely not...

if you are getting oversize reports like that, you can increase the size of your
oversize_dir_length setting in the http_inspect preprocessor section of your
snort.conf file... we use 750 here but you may need a larger or smaller value
depending on the traffic on your network...

i have removed from home net
now how can i stop alerts from ip dst

How is traffic from transversing the network?

That’s what I want to know.

Joel Esler
Manager, Threat Intelligence Team & Open Source
Talos Group

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20160120/37f53808/attachment.html>

More information about the Snort-users mailing list