Results 1 to 2 of 2

Thread: a question about preprocessor ???

  1. August 4th, 2004, 08:22 AM #1
    zahra79
    zahra79 is offline
    Junior Member
    Join Date
    Aug 2004
    Posts
    12

    a question about preprocessor ???

    in http_decode ,The original packet is not altered by this process. then why do this stage(preprocessor) when no changed ?
    what use it?
    tnx
    Reply With Quote Reply With Quote
  2. August 4th, 2004, 01:25 PM #2
    Tiger Shark
    Tiger Shark is offline
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Snort's HTTP decode preprocessor doesn't change the original packet but it does reduce the request to the proper format so that it can pass it through the detection engine. It merely does it to simplify the detection of malicious attempts.

    A good book for all this is Snort 2.1 Intrusion Detection by Brian Caswell et al, (ISBN 1-931836-74-4). Try it, you'll love it.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules