[Snort-devel] SNMP evasion.

Daniel Roelker droelker at ...402...
Tue Jun 29 14:29:01 EDT 2004


On Tue, 2004-06-29 at 16:56, mcenroe at ...2397... wrote:
> 
> Hi all,
> 
> I wants details about the SNMP evasion techniques.
> I googled for long time but i didnt get anything.
> 

An SNMP evasion was illustrated in the program SideStep by Robert
Graham.  http://www.robertgraham.com/tmp/sidestep.html

The evasion had to do with the way you could encode ASN.1 object
identifiers using the extended format (by setting the high order bit).

For more information, download SideStep, run the SNMP evasion and look
at it using ethereal.  You'll find what you need there.  :)

> somewhere i read "Dan Roelker did the SNMP piece "
> but when i searched for the file or mail...i couldnt able to find anything.

That was in regards to some development I did on the Dragon IDS, I don't
believe anything was ever published.

-- 
Daniel Roelker
Software Developer
Sourcefire, Inc.





More information about the Snort-devel mailing list