[Snort-users] snort signature failed to prevent attack in inline mode

Mitesh Jadia mitesh.jadia at ...11827...
Sat Sep 28 02:17:10 EDT 2013


I have one SMTP-based attack which is encoded in uuencode format.
The server response is in one single packet. But as far as I know, the SMTP
preprocessor works only on reassembled packets. So when the client sends an
ACK for this malicious packet, the server side of the stream is reassembled and
I get the decoded data of the server response. So in this case, Snort is only
able to detect this attack, not prevent it. How should I take care of this scenario?

Mitesh Jadia