RE: [Snort-users] Ok, Ok - I know - http_inspect
This is a discussion on RE: [Snort-users] Ok, Ok - I know - http_inspect within the Snort forums, part of the System Security and Security Related category; I don't believe you will be able to specify a subnet. I tried that awhile ago and couldn't ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-17-2004
|
|||
|
|||
RE: [Snort-users] Ok, Ok - I know - http_inspect
I don't believe you will be able to specify a subnet.
I tried that awhile ago and couldn't get it to work. It's either global or server-specific. Cheese! Marc --__--__-- Message: 1 From: "Rowland, Krisa W ERDC-ITL-MS Contractor" <Krisa.W.Rowland@erdc.usace.army.mil> To: "'Snort-users@lists.sourceforge.net'" <Snort-users@lists.sourceforge.net> Date: Wed, 16 Jun 2004 10:53:56 -0500 Subject: [Snort-users] Ok, Ok - I know - http_inspect This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C453BA.219029D8 Content-Type: text/plain I know I'm going to get slaughtered for even bringing up the subject of http_inspect. I've read through the old posts, and also read through the manual. I'm hoping that someone can offer clarification or guidance on this, though. I do not want to disable this option - but at the moment I'm going to have to - just pouring out too many alerts. I tried to limit these alerts to only my webfarm subnet by doing this: preprocessor http_inspect_server: server x.x.x.0/8 \ profile all ports { 80 8080 8180 } oversize_dir_length 500 But it didn't like that. I'd just like to restrict these alerts to one subnet - how do I do that? Shouldn't I use the all profile if I'm pretty sure that I have apache and IIS servers? Krisa Rowland <snip> __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ------------------------------------------------------- This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
