RE: [Snort-users] (http\_inspect) NON-RFC DEFINED CHAR
This is a discussion on RE: [Snort-users] (http\_inspect) NON-RFC DEFINED CHAR within the Snort forums, part of the System Security and Security Related category; Well, I checked out what I could. Non-RFP Defined CHAR is a warning = that the new http_inspect gives you. ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-30-2003
|
|||
|
|||
RE: [Snort-users] (http\_inspect) NON-RFC DEFINED CHAR
Well, I checked out what I could. Non-RFP Defined CHAR is a warning =
that the new http_inspect gives you. Quote from manual: "For instance, a = user may not want to see NULL bytes in the request-URI" (also known as URL) = "and we can give an alert on that." In the http_inspect configuration you = can define what characters to look for. Also you can tell the http inspect processor to alert when this (and other http_inspect warnings) occur. I suggest checking out the new documentation for snort 2.1.0.. VERY interesting and awesome new features added with snort2.1.0! GREAT WORK SNORT TEAM! Chris -----Original Message----- From: Martin Hess [mailto:martin_zh@gmx.ch]=20 Sent: Tuesday, December 23, 2003 1:29 AM To: snort-users@lists.sourceforge.net Subject: [Snort-users] (http\_inspect) NON-RFC DEFINED CHAR Hi! I have just installed Snort 2.1 on FBSD 4.9... but now I receive a lot = of=20 "(http\_inspect) NON-RFC DEFINED CHAR" alerts. Does anyone could give me a hint about this?? I'm not shure if = I've specified the right unicode for my http-servers, cause I cannot find = the ms_unicode application! regards, martin, switzerland --=20 +++ GMX - die erste Adresse f=FCr Mail, Message, More +++ Neu: Preissenkung f=FCr MMS und FreeMMS! http://www.gmx.net ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for = IBM's Free Linux Tutorials. Learn everything from the bash shell to sys = admin. Click now! http://ads.osdn.com/?ad_id=3D1278&al...371&op=3Dclick _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...=3Dsnort-users ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
