Re: Question about http_inspect

[Asim Jamshed <asim.jamshed () gmail com>]

Thanks. Can you please elaborate on why it cannot do stateful inspection on
server response?

--Asim

On Monday, September 21, 2015, Rahul Burman (rahburma) <rahburma () cisco com>
wrote:

> HttpInspect module is stateless while inspecting the server responses.
> There is a provision to do both stateless and stateful traffic inspection.
>
> Regards
> Rahul
>
> -----Original Message-----
> From: Asim Jamshed [mailto:asim.jamshed () gmail com <javascript:;>]
> Sent: Sunday, September 20, 2015 4:55 PM
> To: snort-devel () lists sourceforge net <javascript:;>
> Subject: [Snort-devel] Question about http_inspect
>
> Hi,
>
> I was going through the Snort manual and it says that the http inspect
> module is stateless (analyzes flows on a per-packet basis). Is that right?
> I was wondering why it can use stream5 module and perform stateful
> management like ftp, telnet and smtp protocols?
>
> Thanks,
> --Asim
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net <javascript:;>
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!