Results 1 to 2 of 2

Thread: a question about preprocessor ???

  1. #1
    Junior Member
    Join Date
    Aug 2004

    a question about preprocessor ???

    in http_decode ,The original packet is not altered by this process. then why do this stage(preprocessor) when no changed ?
    what use it?

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Snort's HTTP decode preprocessor doesn't change the original packet but it does reduce the request to the proper format so that it can pass it through the detection engine. It merely does it to simplify the detection of malicious attempts.

    A good book for all this is Snort 2.1 Intrusion Detection by Brian Caswell et al, (ISBN 1-931836-74-4). Try it, you'll love it.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts