[Snort-sigs] Anti-IDS Rules patcher.

Brian bmc at ...95...
Tue Feb 4 17:05:19 EST 2003


On Sat, Feb 01, 2003 at 01:16:21AM +0100, Glenn Larsson wrote:
> Hi, i played with a few IDS evasion tricks
> against Snort today; one scanner i found
> (twwwscan) employ a few simple tricks in
> the URI like:
> 
> "/./", "\\", "/"

Ok... so did snort not catch those?  What version are you using?  Do you
have the http_decode preprocessor enabled?

BTW, slamming someone isn't the best way to get something changed.

-brian




More information about the Snort-sigs mailing list