Snort mailing list archives
Re: Undocumented SIDs
From: "M. Shirk" <shirkdog_list () hotmail com>
Date: Thu, 21 Jul 2005 17:20:52 -0400
Read this, and see if this is the traffic you are seeing http://isc.sans.org/diary.php?date=2005-06-03This is what is generating alot of the OVERSIZED REQUEST-URI events for me right now.
Shirkdog http://www.shirkdog.us
From: Matt Kettler <mkettler () evi-inc com> To: "Willy, Andrew" <AWilly () eSMIL net> CC: "Snort Users (E-mail)" <snort-users () lists sourceforge net> Subject: Re: [Snort-users] Undocumented SIDs Date: Thu, 21 Jul 2005 16:47:20 -0400 Willy, Andrew wrote: > List, >> Do any of you know off-hand a good place to get information on the alerts> that aren't documented, such as OVERSIZE REQUEST-URI DIRECTORY, etc. I > Googled away and did not find anything comprehensive. That particular alert is not a rule, but is generated by the http_inspect preprocessor. (gen_id 1) You should look at docs/README.http_inspect. > NOTICE OF CONFIDENTIALITY-The information in this email, including > attachments, may be confidential Disclaimer: This is a public list, therefore I in good faith assume all information in emails posted here is not confidential, regardless of whatattached disclaimers imply may be true. I have no reasonable qualifications todistinguish confidential from non confidential information, unless clearlymarked by the sender. Any inadvertent disclosures which are not clearly markedas being confidential are strictly the liability of the sender. (couldn't resist) ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_________________________________________________________________Dont just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/
------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: Undocumented SIDs Willy, Andrew (Jul 21)
- <Possible follow-ups>
- Re: Undocumented SIDs Nigel Houghton (Jul 21)
- Undocumented SIDs Willy, Andrew (Jul 21)
- Re: Undocumented SIDs Matt Kettler (Jul 21)
- Re: Undocumented SIDs M. Shirk (Jul 21)
- Re: Undocumented SIDs Matt Kettler (Jul 21)
- RE: Undocumented SIDs Willy, Andrew (Jul 21)
- RE: Undocumented SIDs Willy, Andrew (Jul 21)
- Re: Undocumented SIDs Matt Kettler (Jul 21)