This is a discussion on [Snort-users] Newbie question within the Snort forums, part of the System Security and Security Related category.
I'm new to snort, so forgive the simple question. I'm reading in a file in tcpdump format and it has a few Code Red II packets that I can see when I dump in hex, but I don't know why the http inspect preprocessor isn't detecting it. Is it because Code Red is too old? Http inspect is detecting other packets so I know it's functioning to some degree. Thanks.

-Ken Foster