Hi, I am not sure why you got the impression that I am bashing Snort. I was certainly not. I was eluding to have more intelligence in HTTP Engine in snort to interpret headers values such as content-length value as integer and provide additional rule keywords for comparing with the values like some web application firewalls do.
Ravi On Thu, Mar 19, 2009 at 10:32 AM, Stefano Zanero <[email protected]> wrote: > Ravi Chunduru wrote: > >> perspective to change parameters in existing .so rules. There should >> be some solution like web application firewalls do - deep packet >> inspection and protocol parsing. > > Please, don't bash snort for the point of bashing it. "Deep packet > inspection" and "protocol parsing" are things that snort and its plugins > already do. Point out specific flaws or suspected flaws (as Damiano > did), and not marketing labels. > > SZ >
