[Snort-devel] a doozie of a metaphysical question

Erik Fichtner emf at ...28...
Wed Jun 13 11:25:54 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Jun 13, 2001 at 10:12:36AM -0400, tlewis at ...255... wrote:
> In fact, now that I think about it, you can't rely on DNS opcode or rcode 
> ranges to identify DNS packets, since having illegal values for these is 
> a very good attack.

Pshaw.   It's very hard to tell what something IS, but it's not very 
hard at all to tell what something ISN'T.

"This ISN'T a sensible DNS packet... Perhaps it should be looked at further..."


- -- 
Erik Fichtner
Security Administrator, ServerVault, Inc.
703-333-5900
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7J4YBQ7EzrewLMS0RAjmaAJ0ROCE1qGUnZQ3zKobvJMLUJAMoXQCeJeFy
VLbWy0LuXNZcXr2fi9zhx1E=
=2VdI
-----END PGP SIGNATURE-----
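
The "tell what it isn't" approach from the message above, as an added example that is not part of the original post or of Snort's code: a C check that returns the reasons a port-53 payload is not a sensible DNS header. The function and flag names, the sample bytes, and the assigned ranges used (opcodes 0-2 and 4-6, header rcodes 0-11, Z bit 0x0040 reserved) are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Reasons a payload is NOT a sensible DNS message (bit flags, hypothetical names). */
enum {
    DNS_TOO_SHORT  = 1 << 0, /* shorter than the 12-byte header */
    DNS_BAD_OPCODE = 1 << 1, /* opcode outside the assigned set */
    DNS_BAD_RCODE  = 1 << 2, /* 4-bit rcode outside the assigned set */
    DNS_Z_SET      = 1 << 3, /* reserved Z bit is non-zero */
    DNS_BAD_QDCNT  = 1 << 4  /* standard query without exactly one question */
};

/* Assumption: assigned opcodes are 0,1,2,4,5,6; assigned header rcodes are 0-11. */
static int opcode_assigned(unsigned op) { return op <= 6 && op != 3; }
static int rcode_assigned(unsigned rc)  { return rc <= 11; }

unsigned dns_not_sensible(const uint8_t *p, size_t len)
{
    unsigned why = 0;
    if (p == NULL || len < 12)
        return DNS_TOO_SHORT;   /* no header fields can be read */

    unsigned flags  = (unsigned)p[2] << 8 | p[3];   /* bytes 2-3, network order */
    unsigned qr     = flags >> 15;                  /* 0 = query, 1 = response */
    unsigned opcode = (flags >> 11) & 0xF;
    unsigned rcode  = flags & 0xF;
    unsigned qdcnt  = (unsigned)p[4] << 8 | p[5];   /* question count */

    if (!opcode_assigned(opcode)) why |= DNS_BAD_OPCODE;
    if (!rcode_assigned(rcode))   why |= DNS_BAD_RCODE;
    if (flags & 0x0040)           why |= DNS_Z_SET;
    if (qr == 0 && opcode == 0 && qdcnt != 1) why |= DNS_BAD_QDCNT; /* heuristic */
    return why;
}

/* Constructed sample headers (not captured traffic). */
static const uint8_t ok_query[12]   = {0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0};
static const uint8_t odd_packet[12] = {0x12,0x34, 0x79,0x4F, 0,0, 0,0, 0,0, 0,0};

int main(void)
{
    printf("ok_query:   0x%02x\n", dns_not_sensible(ok_query, sizeof ok_query));
    printf("odd_packet: 0x%02x\n", dns_not_sensible(odd_packet, sizeof odd_packet));
    return 0;
}
```

A non-zero result marks the packet for a closer look; it does not classify it as an attack.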