Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Fine tuning javascript normalize

From: Joel Esler <jesler () sourcefire com>
Date: Wed, 11 Jan 2012 10:20:11 -0500
James,

We'd love to have some pcaps of multiple obfuscation levels for testing.  If you don't mind.  You know the address to 
send them to.

In a future version of Snort we are going to allow you to define the amount of levels you can deobfuscate.

J

On Jan 11, 2012, at 9:51 AM, Lay, James wrote:


Hey all!
 
Any options to fine tune the new normalize_javascript option?  I get a fair amount of 120:9, obfuscation levels 
exceed 1…it’s pretty noisy on sites like yahoo and the like.  Thanks for any assistance.
 
James
------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual 
desktops for less than the cost of PCs and save 60% on VDI infrastructure 
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!



------------------------------------------------------------------------------
Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex
infrastructure or vast IT resources to deliver seamless, secure access to
virtual desktops. With this all-in-one solution, easily deploy virtual 
desktops for less than the cost of PCs and save 60% on VDI infrastructure 
costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: