[Oisf-users] HTTP parsing events in Suricata
Peter Manev
petermanev at gmail.com
Thu Jan 12 07:51:23 UTC 2012
I guess if you have lots of packet losses there will be lots of http parse
errs (and not only).... or you can try increasing the anomaly counters for
example for http, if that is of concearn.
thanks
On Wed, Jan 11, 2012 at 10:03 PM, Seth Hall <seth at icir.org> wrote:
>
> On Jan 11, 2012, at 2:20 PM, Victor Julien wrote:
>
> > I would be interested to hear experiences on busy networks with these
> > rules enabled!
>
>
> How does this fare if you have packet loss during the session?
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
--
Peter Manev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120112/82022655/attachment-0002.html>
More information about the Oisf-users
mailing list