Network Security: Detailed info on Re: [Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request -- 2001674

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Snort-Signatures

[Top] [All Lists]

Re: [Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request -- 2001674

from [Russell Fulton] Network Security

[Permanent Link]

Subject:	Re: [Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request -- 2001674
Date:	Thu, 07 Apr 2005 12:30:16 +1200

On Wed, 2005-04-06 at 18:37 -0500, Matt Jonkman wrote:

How do you have HTTP_SERVERS defined? If that's not any, or is set to 
HOME_NET then these falses won't happen.


Thanks Matt, of course, silly me.

Being a university site, we use snort to detect outgoing 'attacks' as
well as incoming so both $home_net and $external_net are set to any.

I'll just have to disable this rule in our context -- hmmm... or get
Oinkmaster to change the destination.

Cheers, Russell

smime.p7s
Description: S/MIME cryptographic signature

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request -- 2001674, Russell Fulton Re: [Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request -- 2001674, Matt Jonkman Re: [Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request -- 2001674, Russell Fulton <=

Previous by Date:	Re: [Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request -- 2001674, Matt Jonkman
Next by Date:	[Snort-sigs] Sourcefire VRT Advisory - 2005-04-07, Nigel Houghton
Previous by Thread:	Re: [Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request -- 2001674, Matt Jonkman
Next by Thread:	[Snort-sigs] Sourcefire VRT Advisory - 2005-04-07, Nigel Houghton
Indexes:	[Date] [Thread] [Top] [All Lists]