[Snort-devel] snort signature failed to prevent attack in inline mode
mitesh.jadia at ...2499...
Sat Sep 28 02:17:10 EDT 2013
I have one smtp based attack which is encode in format uuencode.
Server Response is in one single packet. But As per I know smtp
preprocessor is working only on reassembled packets. So when client gives
ACK of this malicious packet, server side of stream is reassembled and I
get decoded data of server response. So in this case, snort is only able to
detect this attack not to prevent. How I should take care of this scenario.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel