[Snort-devel] http_gunzip preprocessor

Frank Knobbe frank at ...2134...
Thu Jan 5 10:34:03 EST 2006

On Thu, 2006-01-05 at 12:52 -0500, Eric Lauzon wrote:
> Think about javascript emulation, html(base64 decoding), uudecode ,
> cache (dns poisoning 
> and xss[cross zone] detection), SSL MITM for encrypted stream inspection

I thought I said that earlier. I'm not after content screening. And
please stop bringing up SSL and such.

> [...] you need to have
> a product or opensource components that will be built for the purpose ,
> dont think
> you can have your IDS do the everything everytime.

*sigh*  I was under the impressions that IDSes are used to detect
intrusions. I'm not trying to misuse it as a content screen which you
have been trying to imply.

Could we please keep the devel list focused on the technical aspects and
not abuse it for misguided evangelism?


It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20060105/beaabfc3/attachment.sig>

More information about the Snort-devel mailing list