Home page logo
/

snort logo Snort mailing list archives

Re: HTTP Inspect with only a GET request.
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 22 May 2013 14:03:11 -0400

On May 22, 2013, at 1:08 PM, Russ Combs <rcombs () sourcefire com> wrote:
On Wed, May 22, 2013 at 11:27 AM, Shawn Lee <dashawn () gmail com> wrote:
Thanks for the input. That works great on static files. Is there a way to
have this work with snort listening to an interface in IDS mode?

Presently, not without the ACK.

To clarify, this will work if you use "preprocessor normalize_tcp: ips" directive in your snort.conf.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault