Snort mailing list archives

Re: Snort's capabilities


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 10 Dec 2014 23:18:05 +0000

Snort is both a protocol analysis IPS and it has the ability to do simple and extremely complex pattern matching and analysis.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

On Dec 10, 2014, at 5:25 PM, Savakh S <sovakah () gmail com> wrote:

Hi all,

I have a general question about Snort's capabilities.
I know Snort works by "pattern matching" of attack signatures since Snort is not a "protocol analysis" IDS. However, I saw Snort could detect a wrong "Content-length" value in an HTTP POST request.
So, how can Snort detect this malformed request? Is this a feature provided by the preprocessor of the HTTP protocol?

Thanks for your answers
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
