[Snort-devel] a doozie of a metaphysical question

Bill Gercken bgercken at ...351...
Tue Jun 12 23:24:51 EDT 2001


The answer that you seek, young grasshopper, is in the question.
Does not one first need to analyze the content to help determine the
protocol?

:-)

-----Original Message-----
From: snort-devel-admin at lists.sourceforge.net
[mailto:snort-devel-admin at lists.sourceforge.net]On Behalf Of
tlewis at ...255...
Sent: Tuesday, June 12, 2001 10:35 PM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] a doozie of a metaphysical question


If you see a UDP packet with a source port of 123 (NTP) and a destination
port of 53 (DNS), then what protocol should you assume is used in that
packet?  If one were elbow-deep in building a next-generation intrusion
detection system with automatic protocol decomposition, then this sort
of question could be very important to one's quest...

--
Todd Lewis
tlewis at ...255...
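
One way to act on the reply's hint, as an added example that is not part of the original thread or of Snort's code: ignore the port numbers and test whether the UDP payload is structurally valid DNS or NTP. The function names, thresholds and sample payloads are assumptions constructed for illustration.

```python
import struct

def looks_like_dns(p: bytes) -> bool:
    """Header sanity checks plus a walk of the first question name."""
    if len(p) < 12:
        return False
    _id, flags, qd, _an, _ns, _ar = struct.unpack("!6H", p[:12])
    opcode = (flags >> 11) & 0xF
    if opcode not in (0, 1, 2, 4, 5) or flags & 0x0040:  # reserved Z bit set
        return False
    if qd != 1:  # heuristic: real-world messages carry exactly one question
        return False
    off = 12
    while True:
        if off >= len(p):
            return False          # name runs past the end of the payload
        n = p[off]
        off += 1
        if n == 0:
            break                 # root label terminates the name
        if n > 63:
            return False          # not a plain label (pointer or garbage)
        off += n
        if off - 12 > 255:
            return False          # name longer than DNS allows
    return len(p) >= off + 4      # QTYPE and QCLASS must follow

def looks_like_ntp(p: bytes) -> bool:
    """NTP header: LI(2) VN(3) Mode(3), stratum, at least 48 bytes in total."""
    if len(p) < 48:
        return False
    version, mode, stratum = (p[0] >> 3) & 0x7, p[0] & 0x7, p[1]
    return 1 <= version <= 4 and 1 <= mode <= 5 and stratum <= 16

def classify(p: bytes) -> str:
    checks = (("dns", looks_like_dns), ("ntp", looks_like_ntp))
    hits = [name for name, check in checks if check(p)]
    if len(hits) == 1:
        return hits[0]
    return "ambiguous" if hits else "unknown"

# Constructed sample payloads (not captured traffic).
DNS_QUERY = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
             + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1))
NTP_CLIENT = bytes([0x23]) + bytes(47)   # LI=0, VN=4, Mode=3 (client)

if __name__ == "__main__":
    for label, payload in (("dns sample", DNS_QUERY), ("ntp sample", NTP_CLIENT)):
        print(label, "->", classify(payload))
```

A payload can satisfy both checks at once, so a decoder built this way still needs a tie-break such as port numbers or flow state.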

