[Snort-devel] a doozie of a metaphysical question
emf at ...28...
Wed Jun 13 11:25:54 EDT 2001
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, Jun 13, 2001 at 10:12:36AM -0400, tlewis at ...255... wrote:
> In fact, now that I think about it, you can't rely on DNS opcode or rcode
> ranges to identify DNS packets, since having illegal values for these is
> a very good attack.
Pshaw. It's very hard to tell what something IS, but it's not very
hard at all to tell what something ISN'T.
"This ISN'T a sensible DNS packet... Perhaps it should be looked at further..."
Security Administrator, ServerVault, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
More information about the Snort-devel