Snort mailing list archives

reducing referrer false-positives

From: Doug White <dwhite () resnet uoregon edu>
Date: Wed, 11 Jul 2001 14:23:25 -0700 (PDT)

Hello,

I've gotten snort to look at the data I want (finally) and are running the
most recent rev.  Now that it's taking the full brunt of our web traffic,
it's logging lots of alerts on rule hits for things in the Referrer: field
in the HTTP query.

Has someone invented a way of deleting the Referrer: data, or only looking
at the HTTP query itself to reduce the number of false positives?

Doug White                    |  FreeBSD: The Power to Serve
dwhite () resnet uoregon edu     |  www.FreeBSD.org


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

reducing referrer false-positives Doug White (Jul 11)