[Oisf-devel] http evasion research
Ivan Ristic
ivan.ristic at gmail.com
Wed Jun 12 20:53:17 UTC 2013
I'll try to have a look at some of those by the end of the week
(against libhtp 0.5.x).
I am generally aware of those evasion opportunities, although my
attention was more on the other side -- evading attacks when attacking
web servers. For example, IIS will ignore a Transfer-Encoding server
when HTTP 1.0 is used, but Apache will not.
On Wed, Jun 12, 2013 at 7:16 PM, Victor Julien <victor at inliniac.net> wrote:
> I think we should test how these researched cases are handled by
> suricata and libhtp:
>
> http://noxxi.de/research/dubious-http.html
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Devel mailing list: oisf-devel at openinfosecfoundation.org
> Site: http://suricata-ids.org | Participate: http://suricata-ids.org/participate/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
> Redmine: https://redmine.openinfosecfoundation.org/
--
Ivan Ristić
More information about the Oisf-devel
mailing list