[Snort-users] Snort's capabilities

Joel Esler (jesler) jesler at ...589...
Wed Dec 10 18:18:05 EST 2014


Snort is both a protocol analysis IPS and it has the ability to simple and extremely complex pattern matching and analysis.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

> On Dec 10, 2014, at 5:25 PM, Savakh S <sovakah at ...11827...> wrote:
> 
> Hi all,
> 
> I have a general question about snort's capabilities.
> I know Snort works by "pattern matching" of attacks signatures since Snort is not a "protocol analysis" IDS. However I saw Snort could detect a wrong value "Content-length" in a Post HTTP request.
> So, how can Snort detect this malformed request ? Is this a feature provided by the preprocessor of the HTTP protocol ?
> 
> Thanks for your answers
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk_______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141210/e12975b0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4881 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141210/e12975b0/attachment.bin>


More information about the Snort-users mailing list