Snort mailing list archives

snort signature failed to prevent attack in inline mode


From: Mitesh Jadia <mitesh.jadia () gmail com>
Date: Sat, 28 Sep 2013 11:47:10 +0530

Hello,

    I have one SMTP-based attack which is encoded in uuencode format.
    The server response is in one single packet. But as far as I know, the
SMTP preprocessor works only on reassembled packets. So when the client
ACKs this malicious packet, the server side of the stream is reassembled
and I get the decoded data of the server response. So in this case, Snort is
only able to detect this attack, not prevent it. How should I take care of
this scenario?

Regards,
Mitesh Jadia
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
