Snort keeps blocking websites that I visit and other applications such as Skydri



  • A lot of websites I visit usually keeps getting blocked by Snort and I get the below message. i'd really appreciate any input on which rule this message belong to so I could disable it. I don't want to disable http inspection but i'd like to know how to stop getting websites that I visit from getting blocked.

    (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE - 12/06-10:55:01
    2 items listed.

    thanks a lot



  • I just went to the alerts tab and surpressed this one and restarted the interface since it was mainly false positives or just plain annoying.



  • Thanks a lot kilthro, I basically didn't know how to do suppress until I have followed some threads now i do :D
    your help is much appreciated, i'm writing a tutorial on how to do so with snapshots to make it easy for anyone else to know how to deal with this coz it took me days to find out.



  • Sure. Glad you got it worked out. Its really easy to supress them now. Yea once you setup a list and tell snort to use the list its easy to add alerts to it now. It use to be manually typing them in but now you can click the + icon next to alert id and it will auto add and all u need to do is restart snort.



  • oh shit lol I didn'tk now that, I have created a basic list with suppress command in the list. :D but that would also be useful to work on other snort GUI just in case the add option wasn't available.


Locked