From: William M. <Wil...@kc...> - 2004-05-28 04:15:49
I know that the fnord preprocessor is deprecated, but has anybody tried a converted fnord preprocessor for snort-inline? While tools like ADmutate try to defeat IDS, and in this case IPS, by changing the NOP sled, typically 0x90, to something that is equivalent and then encrypting the payload, the NOP sled would still have to be unencrypted and we could alert and drop on this. What do you guys think? If I adapted it for snort-inline, would you use it? Does anybody know if it causes high false positives?

Regards,
Will
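An added example, not part of the original post and not fnord's own code: a C routine that scores a payload by its longest run of one-byte NOP-equivalent IA-32 instructions, the kind of check the post describes. The filler byte set, the function names and the three sample buffers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed filler set: one-byte IA-32 instructions that can stand in for
 * 0x90. Illustrative only, not fnord's or ADmutate's actual table. */
static int is_sled_byte(unsigned char b)
{
    if (b >= 0x40 && b <= 0x5f) return 1;   /* inc/dec/push/pop r32 */
    if (b >= 0x90 && b <= 0x99) return 1;   /* nop, xchg eax,r32, cwde, cdq */
    switch (b) {
    case 0x27: case 0x2f: case 0x37: case 0x3f:   /* daa das aaa aas */
    case 0x9f: case 0xf5: case 0xf8: case 0xf9:   /* lahf cmc clc stc */
    case 0xfc:                                    /* cld */
        return 1;
    }
    return 0;
}

/* Longest run of consecutive filler bytes in the payload. */
size_t longest_sled_run(const unsigned char *p, size_t n)
{
    size_t best = 0, cur = 0;
    for (size_t i = 0; i < n; i++) {
        cur = is_sled_byte(p[i]) ? cur + 1 : 0;
        if (cur > best) best = cur;
    }
    return best;
}

/* Constructed samples: a mutated 16-byte sled followed by stand-in bytes
 * for the encoded payload, a normal request line, an uppercase token. */
static const unsigned char mutated[] = {
    0x41,0x97,0xf8,0x4a,0x99,0x43,0xfc,0x91,
    0x37,0x4e,0xf5,0x92,0x27,0x40,0x9f,0x96, 0x00,0x00,0x00,0x00 };
static const unsigned char request[] = "GET /index.html HTTP/1.0\r\n";
static const unsigned char upper[] =
    "CONTENT_TYPE_APPLICATION_X_WWW_FORM_URLENCODED";

int main(void)
{
    printf("mutated sled : %zu\n", longest_sled_run(mutated, sizeof mutated));
    printf("request line : %zu\n", longest_sled_run(request, sizeof request - 1));
    printf("upper token  : %zu\n", longest_sled_run(upper, sizeof upper - 1));
    return 0;
}
```

Uppercase ASCII letters and `_` fall inside 0x40-0x5f, so with this byte set the 46-byte uppercase token scores higher than the 16-byte mutated sled; any alert threshold has to be chosen with that overlap in mind.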