This is a discussion on [Snort-users] (http_inspect) NON-RFC HTTP DELIMITER within the Snort forums, part of the System Security and Security Related category.
Hi,

Does anyone know which rule triggers the following alert?

[**] [119:13:1] (http_inspect) NON-RFC HTTP DELIMITER [**]
03/01-15:36:12.922251 0:A:E6:89:42:65 -> 0:40:F4:6B:59:55 type:0x800 len:0x5E
192.168.22.30:4497 -> 192.168.22.205:80 TCP TTL:128 TOS:0x0 ID:57615 IpLen:20 DgmLen:80 DF
***AP*** Seq: 0x6D579DE1 Ack: 0x83A999D7 Win: 0x4470 TcpLen: 20

I do not seem to find the rule anywhere that triggers that.

Thanks in advance,
Peggy