August 4th, 2006, 01:05 AM
I checked my snort.conf and this is what I have for http_inspect_server:
preprocessor http_inspect: global iis_unicode_map unicode.map 1252
preprocessor http_inspect_server: server default...
July 30th, 2006, 11:30 PM
ahh ok, I'll tinker more with it.
July 30th, 2006, 11:21 PM
The alert is coming from an outbound connection. So when I visit that site, the alert comes up. But I know the site is legit, and I just filtered out alerts from it.
July 29th, 2006, 09:10 PM
July 26th, 2006, 01:20 AM
I have another question. I get some alerts that say "(http_inspect) OVERSIZE CHUNK ENCODING"
from my IP going out to port 80.
Can anyone explain to me what that means? I tried searching on the...
July 22nd, 2006, 11:33 PM
Those were the iptables commands I was looking for in my second question.
Thanks
July 22nd, 2006, 04:03 AM
I did some more investigating today...
Iptables is dropping the packets, but Snort reads the packets before iptables does on the NIC connected to the internet. I guess how the machine is set up,...
July 21st, 2006, 11:09 AM
July 21st, 2006, 02:59 AM
Is there a log file I can watch to see what gets dropped?
Under /var/logs or somewhere?
Will tcpdump show them being dropped?
July 21st, 2006, 02:38 AM
I hope I word this correctly.
I am running IPCop firewall and I always see a lot of garbage traffic coming from overseas. I see a lot of misc MS-SQL attacks from the same range of IPs. I got...