[prev in list] [next in list] [prev in thread] [next in thread]
List: focus-ids
Subject: Re: Re: SMTP traffic
From: Jose Nazario <jose () monkey ! org>
Date: 2007-11-30 19:15:20
Message-ID: Pine.BSO.4.64.0711301414090.12024 () funky ! monkey ! org
[Download RAW message or body]
On Thu, 29 Nov 2007, henry_smith@gmail.com wrote:
> Similar to SMTP decoding algorithm is it possible to have decoding
> algorithm for RPC, DHCP and DNS protocol.
dugsong's dpkt code can do all of this:
http://dpkt.googlecode.com/svn/trunk/dpkt/
note that the number of RPC program are huge and long and each seem to use
their own opcodes, so getting a truly comprehensive decode may be a bit
more work.
hope this is useful.
________
jose nazario, ph.d. http://monkey.org/~jose/
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic