Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sourcefire VRT Certified Snort RulesUpdate2010-03-17

From: L0rd Ch0de1m0rt <l0rdch0de1m0rt () gmail com>
Date: Wed, 24 Mar 2010 08:48:58 -0500
On Tue, Mar 23, 2010 at 8:50 PM, Sethsec <sethsec () gmail com> wrote:


Evilghost,

To Sourcefires defense, I can't imagine that any of the IDS vendors
can do any better on the gzip side. It is an industry wide issue.
Gzip, and client side in general.

Trust me, I was just as suprised when I first learned this myself.



 I could be wrong but I thought RealSecure/Proventia has been able to
decode/inspect gzip for years.  Maybe someone from ISS can comment?  Rob
Graham?

-L0rd Ch0de1m0rt
**

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Previous By Date Next
Previous By Thread Next

Current thread: