[Snort-users] Re: [Snort-sigs] http_inspect
This is a discussion on [Snort-users] Re: [Snort-sigs] http_inspect within the Snort forums, part of the System Security and Security Related category; On Jul 29, 2004, at 3:05 PM, Esler, Joel - Contractor wrote: > detect_anomalous_servers config for http_inspect.=A0 When I ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
08-02-2004
|
|||
|
|||
[Snort-users] Re: [Snort-sigs] http_inspect
On Jul 29, 2004, at 3:05 PM, Esler, Joel - Contractor wrote: > detect_anomalous_servers config for http_inspect.=A0 When I turn it = on,=20 > it works, but it detects return HTTP traffic as opposed to HTTP=20 > traffic to non $HTTP_SERVERS, I am assuming that this is the probem=20 > with it right now and they are going to fix it?=A0 Or do I have=20 > something misconfig? > The detect_anomalous_servers configuration option looks for HTTP=20 traffic on non-HTTP ports. Basically, if someone starts running a web=20= server on ports other than the ones you already have defined, snort=20 will generate the alert "(http_inspect) ANOMALOUS HTTP SERVER ON=20 UNDEFINED HTTP PORT" from this configuration. Brian= ------------------------------------------------------- This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
