[Oisf-users] libinjection

Victor Julien lists at inliniac.net
Thu Jul 4 09:09:21 UTC 2013


On 07/03/2013 07:54 PM, Seth Hall wrote:
> 
> On Jul 2, 2013, at 2:18 AM, Peter Manev <petermanev at gmail.com> wrote:
> 
>> Yes it is considered -
>> https://redmine.openinfosecfoundation.org/issues/547
> 
> 
> For the record, I just spent a few minutes and integrated this into Bro and ran it on some real world traffic and this isn't good.  There are a lot of false positives.  It's probably another one of those things that tends to work fine if you run it on your own server, but when you're watching general internet traffic it starts showing some flaws.

What data were you sending to it? I imagine we wouldn't use it to pass
random data to in, but instead something like and URI or even URI-query
values or something limited like this.

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------




More information about the Oisf-users mailing list