On Thu, 29 Nov 2007, [EMAIL PROTECTED] wrote:
Similar to SMTP decoding algorithm is it possible to have decoding
algorithm for RPC, DHCP and DNS protocol.
dugsong's dpkt code can do all of this:
http://dpkt.googlecode.com/svn/trunk/dpkt/
note that the number of RPC program are huge and long and each seem to use
their own opcodes, so getting a truly comprehensive decode may be a bit
more work.
hope this is useful.
________
jose nazario, ph.d. http://monkey.org/~jose/
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
