| From: | "Andrew Dunstan" <andrew(at)dunslane(dot)net> |
|---|---|
| To: | <Robert_Creager(at)LogicalChaos(dot)org> |
| Cc: | pgbuildfarm-members(at)pgfoundry(dot)org |
| Subject: | Re: [Pgbuildfarm-members] Build farm triggering Snort alerts... |
| Date: | 2005-12-28 12:55:16 |
| Message-ID: | 3587.24.211.165.134.1135774516.squirrel@www.dunslane.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | buildfarm-members |
Robert Creager said:
>
> Just something interesting I noticed. The scripts are triggering Snort
> alerts (BARE BYTE UNICODE ENCODING and OVERSIZE REQUEST-URI DIRECTORY),
> on the outbound session when sending results.
>
Then snort is being absurdly paranoid, and needs to chill. ;-)
The supposed "directory" doesn't exist, of course. What it probably thinks
is a directory name is in fact the request signature which we append to the
URL and the script extracts via PATHINFO. e.g.:
127.0.0.1 - - [28/Dec/2005:02:37:50 -0800] "POST
/cgi-bin/pgstatus.pl/aaac141e46ea17aee8cf3012adc174fcac273e62 HTTP/1.1"
200 59
as for the unicode - I have no idea what it's talking about - perl's LWP
should be encoding anything that requires it properly.
If someone can work out snort settings to silence these alerts then please
let us all know - I don't use snort so I have no idea.
cheers
andrew
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2005-12-29 18:31:49 | [Pgbuildfarm-members] release 2.12 of client code |
| Previous Message | Robert Creager | 2005-12-28 05:05:53 | [Pgbuildfarm-members] Build farm triggering Snort alerts... |