Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort's capabilities

From: Savakh S <sovakah () gmail com>
Date: Wed, 10 Dec 2014 23:25:40 +0100
Hi all,

I have a general question about snort's capabilities.
I know Snort works by "pattern matching" of attacks signatures since Snort
is not a "protocol analysis" IDS. However I saw Snort could detect a wrong
value "Content-length" in a Post HTTP request.
So, how can Snort detect this malformed request ? Is this a feature
provided by the preprocessor of the HTTP protocol ?

Thanks for your answers

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: