Network Security: Detailed info on Re: [Snort-users] Undocumented SIDs

Subject:	Re: [Snort-users] Undocumented SIDs
Date:	Thu, 21 Jul 2005 17:20:52 -0400

Read this, and see if this is the traffic you are seeing

http://isc.sans.org/diary.php?date=2005-06-03

This is what is generating alot of the OVERSIZED REQUEST-URI events for me right now.

Shirkdog
http://www.shirkdog.us

From: Matt Kettler <mkettler@evi-inc.com>
To: "Willy, Andrew" <AWilly@eSMIL.net>
CC: "Snort Users (E-mail)" <snort-users@lists.sourceforge.net>
Subject: Re: [Snort-users] Undocumented SIDs
Date: Thu, 21 Jul 2005 16:47:20 -0400
Willy, Andrew wrote: > List, > > Do any of you know off-hand a good place to get information on the alerts > that aren't documented, such as OVERSIZE REQUEST-URI DIRECTORY, etc. I > Googled away and did not find anything comprehensive.
That particular alert is not a rule, but is generated by the http_inspect
preprocessor. (gen_id 1)
You should look at docs/README.http_inspect.
> NOTICE OF CONFIDENTIALITY-The information in this email, including
> attachments, may be confidential
Disclaimer: This is a public list, therefore I in good faith assume all information in emails posted here is not confidential, regardless of what attached disclaimers imply may be true. I have no reasonable qualifications to distinguish confidential from non confidential information, unless clearly marked by the sender. Any inadvertent disclosures which are not clearly marked as being confidential are strictly the liability of the sender.
(couldn't resist)
-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_________________________________________________________________ Don?t just search. Find. Check out the new MSN Search! http://search.msn.click-url.com/go/onm00200636ave/direct/01/

-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] Undocumented SIDs, Willy, Andrew Re: [Snort-users] Undocumented SIDs, Matt Kettler Re: [Snort-users] Undocumented SIDs, M. Shirk <= RE: [Snort-users] Undocumented SIDs, Willy, Andrew RE: [Snort-users] Undocumented SIDs, Willy, Andrew Re: [Snort-users] Undocumented SIDs, Matt Kettler RE: [Snort-users] Undocumented SIDs, Willy, Andrew

Previous by Date:	Re: [Snort-users] Undocumented SIDs, Matt Kettler
Next by Date:	RE: [Snort-users] Undocumented SIDs, Willy, Andrew
Previous by Thread:	Re: [Snort-users] Undocumented SIDs, Matt Kettler
Next by Thread:	RE: [Snort-users] Undocumented SIDs, Willy, Andrew
Indexes:	[Date] [Thread] [Top] [All Lists]