Snort mailing list archives
Re: Snort's capabilities
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 10 Dec 2014 23:18:05 +0000
Snort is both a protocol analysis IPS and it has the ability to do simple and extremely complex pattern matching and analysis.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos
On Dec 10, 2014, at 5:25 PM, Savakh S <sovakah () gmail com> wrote:

Hi all,

I have a general question about Snort's capabilities. I know Snort works by "pattern matching" of attack signatures since Snort is not a "protocol analysis" IDS. However, I saw Snort could detect a wrong "Content-length" value in a POST HTTP request. So, how can Snort detect this malformed request? Is this a feature provided by the preprocessor of the HTTP protocol?

Thanks for your answers

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Attachment:
smime.p7s
Current thread:
- Snort's capabilities Savakh S (Dec 10)
- Re: Snort's capabilities Joel Esler (jesler) (Dec 10)