Snort mailing list archives

Re: RPC decoder overflow in snort-inline and hogwash

From: Chris Green <cmg () sourcefire com>
Date: Tue, 04 Mar 2003 17:24:33 -0500

William_Metcalf () kcmo org writes:

Can anyone tell me if this affects snort-inline and or hogwash?  If a rule
has been written will it detect and drop the packet before it reaches the
RPC decoder?


Atleast in Snort, no.  Disable preprocessor rpc_decode.
-- 
Chris Green <cmg () sourcefire com>
You now have 14 minutes to reach minimum safe distance.


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

RPC decoder overflow in snort-inline and hogwash William_Metcalf (Mar 04)
- Re: RPC decoder overflow in snort-inline and hogwash Chris Green (Mar 04)