[Snort-sigs] http_preprocessor chunk_length parameter
sorandomsec at ...2420...
Wed Oct 23 11:00:23 EDT 2013
Does this detect on just one chunk length being over the set limit or the
aggregate of all chunk lengths in a single session?
* chunk_length [non-zero positive integer] *
This option is an anomaly detector for abnormally large chunk sizes. This
up the apache chunk encoding exploits, and may also alert on HTTP tunneling
uses chunk encoding.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-sigs