Snort mailing list archives
Re: http-inspect sig id Snort Alert 21
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Fri, 16 Apr 2010 08:38:36 -0400
On Thu, Apr 15, 2010 at 11:10 PM, Russell Fulton <r.fulton () auckland ac nz> wrote:
I am seeing several of these on various snort sensors Snort Alert [119:21:0] so far as I can see the latest gen-sig.map goes up to 119:18... Any idea what these are? Russell Fulton Information Security Officer, The University of Auckland New Zealand ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Yes, it is "MULTIPLE CONTENT LENGTH HEADER FIELDS". There's an updated gen-msg.map going out with Snort 2.8.6 next week. -- Nigel Houghton Head Mentalist SF VRT http://vrt-sourcefire.blogspot.com && http://labs.snort.org/ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- http-inspect sig id Snort Alert 21 Russell Fulton (Apr 15)
- Re: http-inspect sig id Snort Alert 21 Nigel Houghton (Apr 16)