Hopefully no one will claim that the use of
DPI in the following way is bad.
Sourcefire announced that "
its Vulnerability Research Team (VRT) protects customers against the recently released "Apache Killer" tool, as well as attacks against the underlying vulnerability that enables it .. Using large malformed HTTP headers, Apache Killer allows an attacker to use a single PC to perform a denial of service attack. This attack is easily detected by the Snort engine's HTTP Inspect preprocessor, which has an option to block oversized HTTP headers"
Matt Watchinski (pictured), Vice President of Vulnerability Research at Sourcefire said: "
Our solution to Apache Killer is a great example of the enormous amount of protocol intelligence and deep packet inspection capability in the Snort engine .. By allowing customers to identify anomalous network traffic at a general level, the Snort engine provides detection ahead of the threat for a variety of new exploits"
See "
Sourcefire Protects Customers Against "Apache Killer" Exploit" - here.
No comments:
Post a Comment