Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Preprocessor :: HTTP Inspect

From: "Chinmay Mahata" <chinmay_mahata () rediffmail com>
Date: 9 Apr 2014 09:03:31 -0000
Hi All,
&nbsp;&nbsp; I have a query regarding preprocessor http_inspect.

In snort doc directory the file README.http_inspect says:

"The current version of HTTP Inspect only handles stateless processing.&nbsp; This
means that HTTP Inspect looks for HTTP fields on a packet-by-packet basis, and
will be fooled if packets are not reassembled.&nbsp; This works fine when there is
another module handling the reassembly, but there are limitations in analyzing
the protocol.&nbsp; Future versions will have a stateful processing mode which will
hook into various reassembly modules." 

We are getting this overview for all snort releases from 2.9.0.5 to 2.9.6.0.

So, in which future version of snort we can expect to get "stateful processing" after reassembling (and uncompressing) 
http packets in http_inspect preprocessor or is it already there ? 


Thanks in advance.

Best regards,
--Chinmay
&nbsp;

------------------------------------------------------------------------------
Put Bad Developers to Shame
Dominate Development with Jenkins Continuous Integration
Continuously Automate Build, Test & Deployment 
Start a new project now. Try Jenkins in the cloud.
http://p.sf.net/sfu/13600_Cloudbees
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: