IDS mailing list archives
Re: Intrusion Detection Evaluation Datasets
From: Ravi Chunduru <ravi.is.chunduru () gmail com>
Date: Thu, 19 Mar 2009 20:00:24 -0700
Hi, I am not sure why you got the impression that I am bashing Snort. I was certainly not. I was eluding to have more intelligence in HTTP Engine in snort to interpret headers values such as content-length value as integer and provide additional rule keywords for comparing with the values like some web application firewalls do. Ravi On Thu, Mar 19, 2009 at 10:32 AM, Stefano Zanero <s.zanero () securenetwork it> wrote:
Ravi Chunduru wrote:perspective to change parameters in existing .so rules. There should be some solution like web application firewalls do - deep packet inspection and protocol parsing.Please, don't bash snort for the point of bashing it. "Deep packet inspection" and "protocol parsing" are things that snort and its plugins already do. Point out specific flaws or suspected flaws (as Damiano did), and not marketing labels. SZ
Current thread:
- Re: Intrusion Detection Evaluation Datasets, (continued)
- Re: Intrusion Detection Evaluation Datasets Ravi Chunduru (Mar 20)
- Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 20)
- Re: Intrusion Detection Evaluation Datasets Paul Schmehl (Mar 18)
- Re: Intrusion Detection Evaluation Datasets Martin Roesch (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Jim Sansing (Ritasa LLC) (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Martin Roesch (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Ravi Chunduru (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Stefano Zanero (Mar 19)
- Re: Intrusion Detection Evaluation Datasets Ravi Chunduru (Mar 20)
- Re: Intrusion Detection Evaluation Datasets Damiano Bolzoni (Mar 18)
- Re: Intrusion Detection Evaluation Datasets Seth Hall (Mar 16)
- Re: Intrusion Detection Evaluation Datasets Raffael Marty (Mar 13)
- Exploit-based signature is dead, or not? tanyoo10 (Mar 16)
- Re: Exploit-based signature is dead, or not? Sergio 'shadown' Alvarez (Mar 16)
- Re: Exploit-based signature is dead, or not? Jackie Lai (Mar 17)
- Re: Re: Exploit-based signature is dead, or not? tanyoo10 (Mar 17)
- RE: Exploit-based signature is dead, or not? Addepalli Srini-B22160 (Mar 17)
- Re: Exploit-based signature is dead, or not? Joel Esler (Mar 30)