Snort mailing list archives
Re: what triggers these?
From: Ralf Spenneberg <lists () spenneberg org>
Date: Wed, 12 Oct 2005 15:07:40 +0200
Hi Jason,

On Tuesday, 11.10.2005, at 09:26 -0400, Kretzer, Jason R (Big Sandy) wrote:
> [**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]

This is caused by the http_inspect preprocessor. This preprocessor analyzes at least part of your HTTP traffic. It found a uri in an http request where the directory string was longer than the maximum configured:

    http_inspect: oversize_dir_length

> [**] [1:1416:9] SNMP broadcast trap [**]

Your printer is configured to send out SNMP Broadcast Traps. If you do not use any software that listens to SNMP Traps I would advise disabling it. If you do, you might want to remove Signature 1416 in Snort snmp.rules:

    alert udp any any -> 255.255.255.255 162 (msg:"SNMP broadcast trap"; reference:bugtraq,4088; reference:bugtraq,4089; reference:bugtraq,4132; reference:cve,2002-0012; reference:cve,2002-0013; classtype:attempted-recon; sid:1416; rev:9;)

> The first is coming from the outside world, the second is coming from a network printer. Are these anything to be really worried about?

Well, depending on the value you used for oversize_dir_length and your webserver, it might be normal or unusual.

Cheers,

Ralf

--
Ralf Spenneberg
OpenSource Training
http://www.opensource-training.de
Webereistr. 1
48565 Steinfurt
Germany
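
To judge whether the 119:15 alert is normal for a given web server, it helps to measure directory lengths in the requests it actually receives. The following is an added example (not part of the original message and not Snort's own code) that approximates the check over constructed request lines; the limit of 300 and the rule that only path segments ending in "/" count as directories are assumptions.

```python
# Added example: offline approximation of the http_inspect
# oversize_dir_length check, for tuning the limit against real traffic.
# Assumptions: raw (undecoded) lengths are measured, and only path segments
# terminated by "/" count as directories.

def longest_dir_length(request_uri):
    """Return the length of the longest directory segment in the URI path."""
    # Drop query string and fragment: only the path is measured here.
    path = request_uri.split("?", 1)[0].split("#", 1)[0]
    # Absolute-form URI (as sent to proxies): skip scheme and host.
    if not path.startswith("/") and "://" in path:
        rest = path.split("://", 1)[1]
        path = "/" + rest.split("/", 1)[1] if "/" in rest else "/"
    # Everything before the last "/" is a directory; the tail is the file.
    dirs = path.split("/")[:-1]
    return max((len(d) for d in dirs), default=0)


def flag_requests(request_lines, limit):
    """Return (line_number, longest_dir) for requests exceeding the limit."""
    hits = []
    for number, line in enumerate(request_lines, start=1):
        parts = line.split()
        if len(parts) < 2:
            continue  # not an HTTP request line
        length = longest_dir_length(parts[1])
        if length > limit:
            hits.append((number, length))
    return hits


# Constructed sample request lines (not taken from the thread).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /" + "A" * 400 + "/x.cgi HTTP/1.0",                  # long directory
    "GET /images/logo.png?pad=" + "B" * 500 + " HTTP/1.1",    # long query only
    "GET http://www.example.com/docs/manual/ch1.html HTTP/1.1",
]

if __name__ == "__main__":
    ASSUMED_LIMIT = 300  # assumed value; use your own oversize_dir_length
    for number, length in flag_requests(SAMPLE_REQUESTS, ASSUMED_LIMIT):
        print(f"request {number}: directory of {length} chars exceeds limit")
```

If legitimate requests from your own application show up in the output, the configured limit is too low for that server; if only the padded request does, the alert deserves a closer look.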