IDS mailing list archives
Re: Re: SMTP traffic
From: Jose Nazario <jose () monkey org>
Date: Fri, 30 Nov 2007 14:15:20 -0500 (EST)
On Thu, 29 Nov 2007, henry_smith () gmail com wrote:
Similar to the SMTP decoding algorithm, is it possible to have a decoding algorithm for the RPC, DHCP and DNS protocols?

dugsong's dpkt code can do all of this: http://dpkt.googlecode.com/svn/trunk/dpkt/

note that the number of RPC programs is huge and long and each seems to use its own opcodes, so getting a truly comprehensive decode may be a bit more work.
hope this is useful.

________
jose nazario, ph.d. http://monkey.org/~jose/
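The RPC caveat in the message above, as an added example that is not part of the original post and is not dpkt code: a standard-library decoder for the program-independent ONC RPC call header, with a per-program procedure table showing why a full decode needs one table per program. The table contents and the sample packet are constructed for illustration.

```python
import struct

# Constructed lookup tables: each RPC program number has its own procedure
# numbering, so a decoder needs one table per program it wants to name.
PROGRAMS = {100000: "portmapper", 100003: "nfs", 100005: "mountd"}
PROCEDURES = {
    100000: {0: "NULL", 1: "SET", 2: "UNSET", 3: "GETPORT", 4: "DUMP", 5: "CALLIT"},
    100005: {0: "NULL", 1: "MNT", 2: "DUMP", 3: "UMNT", 4: "UMNTALL", 5: "EXPORT"},
}

def _opaque_auth(buf, off):
    """Read one opaque_auth (flavor, length, padded body); return (flavor, next offset)."""
    if len(buf) < off + 8:
        raise ValueError("truncated auth header")
    flavor, length = struct.unpack_from(">II", buf, off)
    if length > 400:  # RFC 5531 caps the auth body at 400 bytes
        raise ValueError("auth body too long")
    end = off + 8 + ((length + 3) & ~3)  # XDR pads opaque data to 4 bytes
    if end > len(buf):
        raise ValueError("truncated auth body")
    return flavor, end

def decode_rpc_call(buf):
    """Decode the generic part of an ONC RPC call as carried in a UDP payload."""
    if len(buf) < 24:
        raise ValueError("too short for an RPC call header")
    xid, mtype, rpcvers, prog, vers, proc = struct.unpack_from(">6I", buf, 0)
    if mtype != 0 or rpcvers != 2:
        raise ValueError("not an RPC version 2 call")
    cred_flavor, off = _opaque_auth(buf, 24)   # credentials
    _, off = _opaque_auth(buf, off)            # verifier
    return {
        "xid": xid,
        "program": PROGRAMS.get(prog, "unknown(%d)" % prog),
        "version": vers,
        "procedure": PROCEDURES.get(prog, {}).get(proc, "proc %d (no table)" % proc),
        "cred_flavor": cred_flavor,
        "args": buf[off:],  # argument layout is specific to program and procedure
    }

# Constructed sample: portmapper v2 GETPORT asking for nfs v3 over UDP (17).
SAMPLE = (struct.pack(">6I", 0x1234ABCD, 0, 2, 100000, 2, 3)
          + struct.pack(">II", 0, 0) * 2          # AUTH_NONE cred and verifier
          + struct.pack(">4I", 100003, 3, 17, 0))

if __name__ == "__main__":
    print(decode_rpc_call(SAMPLE))
```

The same procedure number 3 decodes as GETPORT for portmapper and UMNT for mountd, and falls back to a bare number for nfs, which has no table here.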