[Snort-devel] http_gunzip preprocessor

Frank Knobbe frank at ...2134...
Thu Jan 5 10:34:03 EST 2006


On Thu, 2006-01-05 at 12:52 -0500, Eric Lauzon wrote:
> Think about javascript emulation, html(base64 decoding), uudecode ,
> cache (dns poisoning 
> and xss[cross zone] detection), SSL MITM for encrypted stream inspection

I thought I said that earlier. I'm not after content screening. And
please stop bringing up SSL and such.

> [...] you need to have
> a product or opensource components that will be built for the purpose ,
> dont think
> you can have your IDS do the everything everytime.

*sigh*  I was under the impressions that IDSes are used to detect
intrusions. I'm not trying to misuse it as a content screen which you
have been trying to imply.

Could we please keep the devel list focused on the technical aspects and
not abuse it for misguided evangelism?

-Frank

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20060105/beaabfc3/attachment.sig>


More information about the Snort-devel mailing list