GEN:SID 1:1171
Message WEB-MISC whisker HEAD with large datagram
Summary This event is generated when an attempt is made to evade an
IDS in a possible web attack by sending an obfuscated request
using HEAD.
Impact Unknown.
Detailed Information Some CGI attacks can be accomplished by using HEAD instead of GET.
This method can be used by an attacker to obfuscate attacks or
reconnaissance in an attempt to evade IDS systems.
Affected Systems All systems running a web server.
Attack Scenarios An attacker runs an automated tool, like Whisker, or sends a hand-crafted
attack to a web server
Ease of Attack Simple. Automated tools are available.
Corrective Action Examine the packet to determine what kind of attack or probe was launched.
Additional References  
Rule References url: www.wiretrip.net/rfp/pages/whitepapers/whiskerids.html