[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-sigs
Subject:    Re: [Snort-sigs] FP with BLEEDING-EDGE Proxy POST Request --
From:       Russell Fulton <r.fulton () auckland ! ac ! nz>
Date:       2005-04-07 0:30:16
Message-ID: 1112833817.4135.31.camel () bloodnok ! itss ! auckland ! ac ! nz
[Download RAW message or body]

On Wed, 2005-04-06 at 18:37 -0500, Matt Jonkman wrote:
> How do you have HTTP_SERVERS defined? If that's not any, or is set to=20
> HOME_NET then these falses won't happen.

Thanks Matt, of course, silly me.

Being a university site, we use snort to detect outgoing 'attacks' as
well as incoming so both $home_net and $external_net are set to any.

I'll just have to disable this rule in our context -- hmmm... or get
Oinkmaster to change the destination.

Cheers, Russell

["smime.p7s" (application/x-pkcs7-signature)]
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

[prev in list] [next in list] [prev in thread] [next in thread]