IDS mailing list archives

Re: Intrusion Detection Evaluation Datasets


From: Ravi Chunduru <ravi.is.chunduru () gmail com>
Date: Thu, 19 Mar 2009 20:00:24 -0700

Hi,

I am not sure why you got the impression that I am bashing Snort. I
was certainly not.
I was alluding to having more intelligence in the HTTP engine in Snort to
interpret header values, such as the Content-Length value, as an integer and
provide additional rule keywords for comparing with the values, like
some web application firewalls do.

Ravi



On Thu, Mar 19, 2009 at 10:32 AM, Stefano Zanero
<s.zanero () securenetwork it> wrote:
> Ravi Chunduru wrote:
>
>> perspective to change parameters in existing .so rules. There should
>> be some solution like web application firewalls do - deep packet
>> inspection and protocol parsing.
>
> Please, don't bash snort for the point of bashing it. "Deep packet
> inspection" and "protocol parsing" are things that snort and its plugins
> already do. Point out specific flaws or suspected flaws (as Damiano
> did), and not marketing labels.
>
> SZ



