List: snort-sigs
Subject: Re: [Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request --
From: Russell Fulton <r.fulton () auckland ! ac ! nz>
Date: 2005-04-07 0:30:16
Message-ID: 1112833817.4135.31.camel () bloodnok ! itss ! auckland ! ac ! nz
On Wed, 2005-04-06 at 18:37 -0500, Matt Jonkman wrote:
> How do you have HTTP_SERVERS defined? If that's not any, or is set to
> HOME_NET then these falses won't happen.
Thanks Matt, of course, silly me.
Being a university site, we use snort to detect outgoing 'attacks' as
well as incoming so both $home_net and $external_net are set to any.
I'll just have to disable this rule in our context -- hmmm... or get
Oinkmaster to change the destination.
Cheers, Russell