Dug Song wrote:
>
> On Thu, Jan 10, 2002 at 06:34:38PM -0800, diphenat_private wrote:
>
> > I'm doing some work on parsing RPC protocols as part of my job, and I'm
> > wondering if I've come up with a previously-unknown way of evading IDS
> > for RPC-based attacks.
>
> i mentioned (and implemented) this about two years ago. Robert Graham
> subsequently fixed this in his NetworkICE product, not sure about others:
>
> http://archives.neohapsis.com/archives/ids/2000-q1/0007.html
> http://archives.neohapsis.com/archives/ids/2000-q1/0149.html

Snort's spp_rpc_decode preprocessor will also normalize RPC traffic broken up by record markers.

[...]
>
> -d.
>
> ---
> http://www.monkey.org/~dugsong/

-Jeff

--
http://jeff.wwti.com (pgp key available)
"Common sense is the collection of prejudices acquired by age eighteen." - Albert Einstein
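Added example, not part of the original thread and not Snort's code: how an IDS-side normalizer can reassemble ONC RPC record-marked fragments (RFC 5531 record marking over TCP) into single-fragment records before content matching. The function names, the 1 MiB cap, the sample call and the program-number signature are assumptions made for illustration.

```python
import struct

LAST_FRAGMENT = 0x80000000   # high bit of the 4-byte record marker
MAX_RECORD = 1 << 20         # assumed cap so a stream cannot force unbounded buffering


def reassemble_records(stream: bytes, max_record: int = MAX_RECORD):
    """Return (records, leftover): complete RPC records and the unconsumed tail."""
    records, parts, size = [], [], 0
    pos = consumed = 0
    while pos + 4 <= len(stream):
        (marker,) = struct.unpack_from(">I", stream, pos)
        length = marker & 0x7FFFFFFF          # low 31 bits: fragment length
        if size + length > max_record:
            raise ValueError("RPC record exceeds max_record")
        if pos + 4 + length > len(stream):
            break                             # fragment body not fully received yet
        parts.append(stream[pos + 4:pos + 4 + length])
        size += length
        pos += 4 + length
        if marker & LAST_FRAGMENT:            # record complete: join its fragments
            records.append(b"".join(parts))
            parts, size = [], 0
            consumed = pos
    return records, stream[consumed:]


def normalize(stream: bytes):
    """Re-emit every complete record as exactly one last-fragment record."""
    records, leftover = reassemble_records(stream)
    out = b"".join(struct.pack(">I", LAST_FRAGMENT | len(r)) + r for r in records)
    return out, leftover


# Constructed sample: RPC CALL (xid, CALL, rpcvers 2, prog 100005, vers 1,
# NULL procedure, empty AUTH_NONE credential and verifier).
CALL = struct.pack(">10I", 0x12345678, 0, 2, 100005, 1, 0, 0, 0, 0, 0)
# The same call as two fragments, split inside the program-number field.
FRAGMENTED = (struct.pack(">I", 14) + CALL[:14]
              + struct.pack(">I", LAST_FRAGMENT | 26) + CALL[14:])
SIGNATURE = struct.pack(">I", 100005)  # hypothetical content match on the program number


def matches(stream: bytes) -> bool:
    return SIGNATURE in stream


if __name__ == "__main__":
    normalized, _ = normalize(FRAGMENTED)
    print("raw stream matches:", matches(FRAGMENTED))
    print("normalized stream matches:", matches(normalized))
```

The leftover bytes are returned so a caller can prepend them to the next TCP segment and retry once the rest of the record arrives.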
This archive was generated by hypermail 2b30 : Sat Jan 12 2002 - 19:46:33 PST