Disclaimer

SNORTID
Enter a Snort ID to lookup (e.g 1:269)

"Snort" is a registered trademark of Sourcefire, Inc.

Site owned and maintained by Liam Somerville

©2009 SnortID.com - Developed by Cook Computing

Search String: 119:16

N.B.: Maximum of 50 results are displayed

SidSummaryImpact Detailed InformationAffected SystemsAttack ScenariosEase of AttackFalse PositiveFalse Negative Corrective ActionContributorsAdditional References
119:16 This event is generated when the pre-processor http_inspect detects network traffic that may constitute an attack. Unknown. This may be an attempt to evade an IDS. This event is generated when the http_inspect pre-processor detects the use of an oversized chunk encoded request. This may be an indicator of an attack against a web server. This event may also indicate the use of http tunneling. This event can be controlled using the ((http_inspect)) configuration options. Apache   Simple. None Known. None Known. Check the target host for signs of compromise. Apply any appropriate vendor supplied patches. Daniel Roelker Sourcefire Vulnerability Research Team Nigel Houghton HTTP IDS Evasions Revisited - Daniel Roelker
http://docs.idsresearch.org/http_ids_evasions.pdf