[Snort-devel] Evade from Snort for Web-base Attacks

Sam Ng sng at ...1047...
Sun Jan 6 19:35:02 EST 2002


Seems able to evade Snort by the following:

POST / HTTP/1.1
Host: www.host.com
Connection: keep-alive
Content-length: 10
[\n]
1234567890GET /cgi-bin/phf HTTP/1.1
Host: www.host.com
Connection: keep-alive
[\n]

I have tested with Apache web server only, but "should" be able to work for
any web servers if you find a "postable" path.

Sam Ng
Doctor A Security Systems (HK) Limited
708 Millennium City
378 Kwuntong Road
Kowloon
HONG KONG
Tel: +852 2342-4330
Fax: +852 2342-4310
email: sng at ...1047...








More information about the Snort-devel mailing list