IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: SMTP traffic

From: Jose Nazario <jose () monkey org>
Date: Fri, 30 Nov 2007 14:15:20 -0500 (EST)
On Thu, 29 Nov 2007, henry_smith () gmail com wrote:
Similar to SMTP decoding algorithm is it possible to have decoding algorithm for RPC, DHCP and DNS protocol. 

dugsong's dpkt code can do all of this:

        http://dpkt.googlecode.com/svn/trunk/dpkt/
note that the number of RPC program are huge and long and each seem to use their own opcodes, so getting a truly comprehensive decode may be a bit more work. 

hope this is useful.

________
jose nazario, ph.d.                 http://monkey.org/~jose/

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. 
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: