[Snort-users] Snort's capabilities

Savakh S sovakah at ...11827...
Wed Dec 10 17:25:40 EST 2014


Hi all,

I have a general question about snort's capabilities.
I know Snort works by "pattern matching" of attacks signatures since Snort
is not a "protocol analysis" IDS. However I saw Snort could detect a wrong
value "Content-length" in a Post HTTP request.
So, how can Snort detect this malformed request ? Is this a feature
provided by the preprocessor of the HTTP protocol ?

Thanks for your answers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141210/cec1c392/attachment.html>


More information about the Snort-users mailing list