snort-users November 2009 archive

Re: [Snort-users] http_inspect

From: Jefferson, Shawn <Shawn.Jefferson_at_nospam>
Date: Tue Nov 10 2009 - 19:43:49 GMT
To: Jason Wallace <jason.r.wallace@gmail.com>


Thanks, I guess I missed that in the docs!

Shawn

-----Original Message-----
From: Jason Wallace [mailto:jason.r.wallace@gmail.com]
Sent: Tuesday, November 10, 2009 11:42 AM
To: Jefferson, Shawn
Cc: Snort Users List
Subject: Re: [Snort-users] http_inspect

Per the docs...

IMPORTANT:
The 'yes/no' argument does not specify whether the configuration option itself is on or off, only the alerting functionality.

On Tue, Nov 10, 2009 at 1:32 PM, Jefferson, Shawn <Shawn.Jefferson@bcferries.com> wrote:
> Hi,
>
> I'm looking at tuning the http_inspect pre-processor, specifically some of
> the false positives I get from this.
>
> My question is, if you set some of these options:
>
> u_encode no
> bare_byte no
> iis_unicode no
> double_decode no
>
> Will that affect the ability for snort to process some of the http specific
> rules in the ruleset? Does it affect the normalization of http traffic, or
> just turn off these specific alerts?
>
> --
> Shawn
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
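
The point made in the reply above, as an added example that is not part of the original thread or of Snort itself: a small Python check that reads a snort.conf fragment and reports, for every http_inspect_server option with a yes/no argument, that decoding stays on because the option is listed and that only alerting follows the argument. The sample configuration is constructed, and treating any option beyond the four named in the question as a yes/no option is an assumption of this example.

```python
import re

# Options that take a yes/no argument. The first four come from the question
# above; including the others in this set is an assumption of this example.
YES_NO_OPTS = {"u_encode", "bare_byte", "iis_unicode", "double_decode",
               "ascii", "utf_8", "multi_slash", "directory"}

# Constructed sample for illustration, not a recommended configuration.
SAMPLE_CONF = r"""
# constructed sample
preprocessor http_inspect: global iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default \
    ports { 80 8080 } \
    u_encode no bare_byte no \
    iis_unicode no double_decode yes
"""

def audit_http_inspect(conf_text):
    """Return {option: {"decoding": bool, "alerting": bool}} for the
    http_inspect_server lines in conf_text (later lines overwrite earlier)."""
    joined = re.sub(r"\\\s*\n", " ", conf_text)       # fold "\" continuations
    report = {}
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"preprocessor\s+http_inspect_server\s*:(.*)", line)
        if not m:
            continue
        body = re.sub(r"\{[^}]*\}", " ", m.group(1))  # drop { ... } lists (ports)
        tokens = body.split()
        for i, tok in enumerate(tokens):
            if tok not in YES_NO_OPTS:
                continue
            arg = tokens[i + 1] if i + 1 < len(tokens) else None
            if arg not in ("yes", "no"):
                raise ValueError(f"{tok}: expected yes or no, got {arg!r}")
            # Listed in the configuration means the decoding is on;
            # yes/no only selects whether the preprocessor alerts on it.
            report[tok] = {"decoding": True, "alerting": arg == "yes"}
    return report

if __name__ == "__main__":
    for opt, state in sorted(audit_http_inspect(SAMPLE_CONF).items()):
        alerts = "on" if state["alerting"] else "off"
        print(f"{opt:15s} decoding=on  alerting={alerts}")
```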


