-
August 4th, 2004, 08:22 AM
#1
Junior Member
a question about preprocessor ???
in http_decode ,The original packet is not altered by this process. then why do this stage(preprocessor) when no changed ?
what use it?
tnx
-
August 4th, 2004, 01:25 PM
#2
Snort's HTTP decode preprocessor doesn't change the original packet but it does reduce the request to the proper format so that it can pass it through the detection engine. It merely does it to simplify the detection of malicious attempts.
A good book for all this is Snort 2.1 Intrusion Detection by Brian Caswell et al, (ISBN 1-931836-74-4). Try it, you'll love it.
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|