Snort mailing list archives
http_preprocessor chunk_length parameter
From: KA L <sorandomsec () gmail com>
Date: Wed, 23 Oct 2013 11:00:23 -0400
Does this detect on just one chunk length being over the set limit or the aggregate of all chunk lengths in a single session? * chunk_length [non-zero positive integer] * This option is an anomaly detector for abnormally large chunk sizes. This picks up the apache chunk encoding exploits, and may also alert on HTTP tunneling that uses chunk encoding.
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- http_preprocessor chunk_length parameter KA L (Oct 23)