|
|
|
|
Snort Forums Archive
Archive Home » Other » Snort Alert
Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.
[ Notice: Full Version of This Topic ]
Snort Alert
Posted by HTI_IDS on April 06, 2006 12:04:24
I am using Snort2.4.3 running on CentOS-4 with MySql. Snort is generating continous alerts showing own NIC as source address -Details of the alert is "(http_inspect) DOUBLE DECODING ATTACK".
I would appriciate if anyone suggests how to fix it.
Thanks
Sanjay |
|
Posted by Joel_Esler on April 12, 2006 14:01:48
You need to tune your http_inspect preprocessor. Instructions are in the manual. |
|
Posted by HTI_IDS on April 27, 2006 13:22:50
Hi,
Thanks for your reply. Can you send me the manual - you are mentioning for tuning http_inspect preprocessor.
Thanks
Sanjay
delhisanjay@yahoo.com |
|
Posted by Oxygen on June 16, 2006 08:08:35
Hi Guys, in fact i need nearly immediate help, im trying to run snort, mostly 2.1.2 under FreeDOS, and need to know if i can disable(#comment), searching for some linux and windows related commands in snort.c and for libraries, to run Snort properly.
Im trying to comile it with DGJPP compiler.( P.S. Freedos is a single tasking OS), i will be very thankful for every support you can provide
tydum@mail.ru |
|
Posted by Ghozt64 on November 21, 2006 19:50:30
'';!--"=&{()} |
|
Posted by Ghozt64 on November 21, 2006 19:51:20
|
|
Posted by Ghozt64 on November 21, 2006 19:51:53
|
|
|
|
|
|
