Home page logo
/

snort logo Snort mailing list archives

Re: snort SID 119-15
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Thu, 16 Dec 2010 11:18:43 -0500


Well, there are actually docs for GID 3 and preprocessors, you can 
download them from snort.org or you can use snort.org to view them. 
Most of the open source tools that exist for looking at events have 
links to the docs.

Here is the one for 119-3:

 http://www.snort.org/search/sid/119-3?r=1

On Thu, 16 Dec 2010 09:02:21 -0700, JJC wrote:
As a matter of information-finding-assistance..

Under the doc directory in the snort tarball you will find loads of
docs on all of the preprocessors (pretty much all gids that are not 1
or 3).

$ grep 119 doc/*
README.http_inspect:HTTP Inspect used generator ID 119 and 120.  HTTP
Inspect can generate the
README.http_inspect:following alerts under generator ID 119:
Binary file faq.pdf matches
generators:http inspect client        119 # HTTP Inspect
Binary file snort_manual.pdf matches


On Thu, Dec 16, 2010 at 8:56 AM, Sandro guly Zaccarini
<guly () luv guly org> wrote:
On Thu, Dec 16, 2010 at 10:48:31AM -0500, Lawrence R. Hughes, Sr. wrote:
Hi,

Where the this rule: sid:119-15 reside in the system?

doc/README.http_inspect

sz
--
 /"\   taste your favourite IT consultant
 \ /   gpg public key http://www.guly.org/guly.asc
  X
 / \



------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Nigel Houghton
Head Mentalist
SF VRT Department of Intelligence Excellence
http://vrt-sourcefire.blogspot.com && http://labs.snort.org/

------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault