Snort mailing list archives

Previous By Date Next
Previous By Thread Next

http_preprocessor chunk_length parameter

From: KA L <sorandomsec () gmail com>
Date: Wed, 23 Oct 2013 11:00:23 -0400
Does this detect on just one chunk length being over the set limit or the
aggregate of all chunk lengths in a single session?

* chunk_length [non-zero positive integer] *
This option is an anomaly detector for abnormally large chunk sizes. This
picks
up the apache chunk encoding exploits, and may also alert on HTTP tunneling
that
uses chunk encoding.

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: