|
|
Focus on IDS
Re: Intrusion Detection Evaluation Datasets Mar 13 2009 03:13PM \Zow\ Terry Brugger (zow acm org) (2 replies) Re: Intrusion Detection Evaluation Datasets Mar 13 2009 08:05PM Paul Palmer (b paul palmer gmail com) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 14 2009 12:58AM Damiano Bolzoni (damiano bolzoni utwente nl) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 16 2009 06:39PM Paul Schmehl (pschmehl_lists tx rr com) (2 replies) Re: Intrusion Detection Evaluation Datasets Mar 17 2009 09:43PM Damiano Bolzoni (damiano bolzoni utwente nl) Re: Intrusion Detection Evaluation Datasets Mar 17 2009 09:01PM Damiano Bolzoni (damiano bolzoni utwente nl) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 18 2009 06:31PM Paul Schmehl (pschmehl_lists tx rr com) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 18 2009 07:39PM Seth Hall (hall 692 osu edu) (2 replies) Re: Intrusion Detection Evaluation Datasets Mar 18 2009 10:08PM Paul Schmehl (pschmehl_lists tx rr com) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 19 2009 12:49AM Martin Roesch (roesch sourcefire com) (2 replies) Re: Intrusion Detection Evaluation Datasets Mar 19 2009 03:15PM Ravi Chunduru (ravi is chunduru gmail com) (2 replies) Re: Intrusion Detection Evaluation Datasets Mar 19 2009 05:32PM Stefano Zanero (s zanero securenetwork it) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 19 2009 09:06AM Damiano Bolzoni (damiano bolzoni utwente nl) (2 replies) Re: Intrusion Detection Evaluation Datasets Mar 19 2009 06:45PM Martin Roesch (roesch sourcefire com) Re: Intrusion Detection Evaluation Datasets Mar 19 2009 06:25PM Jim Sansing (Ritasa LLC) (jjsansing verizon net) Re: Intrusion Detection Evaluation Datasets Mar 18 2009 08:21PM Damiano Bolzoni (damiano bolzoni utwente nl) (3 replies) Re: Intrusion Detection Evaluation Datasets Mar 18 2009 10:16PM Paul Schmehl (pschmehl_lists tx rr com) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 19 2009 06:33PM Joel Esler (eslerj gmail com) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 18 2009 09:39PM Stefano Zanero (s zanero securenetwork it) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 18 2009 10:19PM Damiano Bolzoni (damiano bolzoni utwente nl) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 19 2009 05:29PM Stefano Zanero (s zanero securenetwork it) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 19 2009 06:42PM Stuart Staniford (sstaniford FireEye com) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 19 2009 06:47PM Stefano Zanero (zanero elet polimi it) (1 replies) Re: Intrusion Detection Evaluation Datasets Mar 19 2009 09:14PM Damiano Bolzoni (damiano bolzoni utwente nl) (1 replies) |
|
Privacy Statement |
I am not sure why you got the impression that I am bashing Snort. I
was certainly not.
I was eluding to have more intelligence in HTTP Engine in snort to
interpret headers values such as content-length value as integer and
provide additional rule keywords for comparing with the values like
some web application firewalls do.
Ravi
On Thu, Mar 19, 2009 at 10:32 AM, Stefano Zanero
<s.zanero (at) securenetwork (dot) it [email concealed]> wrote:
> Ravi Chunduru wrote:
>
>> perspective to change parameters in existing .so rules. There should
>> be some solution like web application firewalls do - deep packet
>> inspection and protocol parsing.
>
> Please, don't bash snort for the point of bashing it. "Deep packet
> inspection" and "protocol parsing" are things that snort and its plugins
> already do. Point out specific flaws or suspected flaws (as Damiano
> did), and not marketing labels.
>
> SZ
>
[ reply ]