[Snort-devel] Snort 1.9 cvs - ASN.1

Smith, Donald Donald.Smith at ...530...
Fri Apr 26 06:54:14 EDT 2002


I would love to see a few full packets.
But violation of BER encoding is how the PROTOS stuff works. Any other tool
that is based on the same concepts will work the same.
So in many ways this rule is like the generic Unicode exploit rule. It can
pick up NEW attacks.


Donald.Smith at ...530... GCIA
QIS/WWN Security
303-226-9939 Office
720-320-1537 cell

> -----Original Message-----
> From: Steve Rudolph [mailto:srudolph at ...1213...]
> Sent: Friday, April 26, 2002 7:32 AM
> To: snort-devel at lists.sourceforge.net
> Subject: Re: [Snort-devel] Snort 1.9 cvs - ASN.1
> 
> 
> So if I understand this correctly, this ASN.1 looks for protocols which
> do not follow this standard?
> It would be nice if we could exclude certain source addresses from this
> preprocessor like on the portscan with the ignore-hosts.
> I would love to help, but I have not programmed since my Atari 800 with
> the Basic cartridge.  Do you have any pointers on where to start for
> learning C?
> 
> Steve
> 
> Chris Green wrote:
> > 
> > Steve Rudolph <srudolph at ...1213...> writes:
> > 
> > > Snort Developers,
> > > First I would like to thank all of you for your very hard work to
> > > make us all more aware of our own networks.
> > >
> > > I find it strange that it is reporting only the machines polling
> > > SNMP?
> > 
> > Well, that's what it should be looking at :-)
> > 
> > > Can anyone give me an idea of what is up with this?
> > > I can get you more information if needed.
> > 
> > ASN.1 stuff is in the "to be worked on section"
> > >
> > > Thanks for your help,
> > > Steve
> > > --
> > > Steve Rudolph CCSA, CCSE
> > > Network Security Engineer
> > > Internet Operations Center
> > > Southfield, MI
> > 
> > --
> > Chris Green <cmg at ...402...>
> > A good pun is its own reword.
> 
> -- 
> Steve Rudolph CCSA, CCSE
> Network Security Engineer 
> Internet Operations Center
> Southfield, MI
> 
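
The idea discussed in this thread, alerting on traffic whose BER encoding is structurally invalid instead of matching one known exploit, shown as an added example that is not part of the original messages and is not Snort's preprocessor code. The function names, result codes, the particular set of checks and the sample packet are assumptions made for illustration; the indefinite-length check reflects that SNMP uses only the definite length form.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example; result codes and function names are hypothetical, not Snort's. */
enum ber_status { BER_OK, BER_TRUNCATED, BER_INDEFINITE, BER_LEN_WIDTH, BER_OVERRUN, BER_DEPTH };

/* Constructed sample: SNMPv1 GetRequest, community "public", one varbind. */
static const uint8_t sample[] = {
    0x30,0x26, 0x02,0x01,0x00, 0x04,0x06,'p','u','b','l','i','c',
    0xa0,0x19, 0x02,0x01,0x01, 0x02,0x01,0x00, 0x02,0x01,0x00,
    0x30,0x0e, 0x30,0x0c, 0x06,0x08,0x2b,0x06,0x01,0x02,0x01,0x01,0x01,0x00, 0x05,0x00 };

/* Walk every TLV in buf[0..len), descending into constructed types, and
 * return the first structural anomaly. Callers pass depth = 0. */
enum ber_status ber_check(const uint8_t *buf, size_t len, int depth)
{
    size_t i = 0;
    if (depth > 16) return BER_DEPTH;            /* bound recursion on nested TLVs */
    while (i < len) {
        uint8_t id = buf[i++];
        if ((id & 0x1f) == 0x1f)                 /* high-tag-number form: skip tag octets */
            do { if (i >= len) return BER_TRUNCATED; } while (buf[i++] & 0x80);
        if (i >= len) return BER_TRUNCATED;      /* no length octet left */
        size_t vlen = buf[i++];
        if (vlen == 0x80) return BER_INDEFINITE; /* indefinite form, not used by SNMP */
        if (vlen & 0x80) {                       /* long form: low 7 bits = octet count */
            size_t n = vlen & 0x7f;
            if (n > 4) return BER_LEN_WIDTH;     /* wider than any real datagram needs */
            if (n > len - i) return BER_TRUNCATED;
            for (vlen = 0; n--; ) vlen = (vlen << 8) | buf[i++];
        }
        if (vlen > len - i) return BER_OVERRUN;  /* value claims bytes past its parent */
        if (id & 0x20) {                         /* constructed: check the children too */
            enum ber_status s = ber_check(buf + i, vlen, depth + 1);
            if (s != BER_OK) return s;
        }
        i += vlen;
    }
    return BER_OK;
}

/* Overwrite one byte of the sample and re-check it (stands in for a malformed packet). */
enum ber_status check_mutated(size_t off, uint8_t val)
{
    uint8_t pkt[sizeof sample];
    memcpy(pkt, sample, sizeof sample);
    pkt[off] = val;
    return ber_check(pkt, sizeof pkt, 0);
}

int main(void) { return ber_check(sample, sizeof sample, 0) != BER_OK; }
```

Because the checks describe what a well-formed message looks like, a malformed length field in any position is reported without a signature for that specific packet.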



