Hosting Provided By

RE: [Snort-devel] Multirule inspection engine

From: Marc Norton <marc.norton(at)sourcefire.com>
Date: Mon Jun 23 2003 - 15:53:27 EDT

The Wu manber and most multi-pattern search engines find all occurrences of patterns. However, remember snort only logs one event per packet. So, we queue up all of the occurrences, and select one. Usually the longest content that matches is considered the most significant and accurate. Someday we'll log multiple packets.

-----Original Message-----
From: snort-devel-admin@lists.sourceforge.net [mailto:snort-devel-admin@lists.sourceforge.net] Sent: Monday, June 16, 2003 3:54 PM
To: snort-devel@lists.sourceforge.net
Subject: [Snort-devel] Multirule inspection engine

The engine (based on wu manber algorithm) finds all the occurrences of a pattern in a packet or the first one?

Antonatos Spiros

This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

application/ms-tnef attachment: winmail.dat

Received on Mon Jun 23 16:09:56 2003

This message: [ Message body ]
Next message: m.stiefenhofer(at)ecofis.de: "Re: Re: [Snort-devel] extend rules options to check tcp win size"
Previous message: Martin Olsson: "[Snort-devel] New feature in snort - mark modified packets"
In reply to: Antonatos Spiros: "[Snort-devel] Multirule inspection engine"
Next in thread: Daniel J. Roelker: "RE: [Snort-devel] Multirule inspection engine"
Reply: Daniel J. Roelker: "RE: [Snort-devel] Multirule inspection engine"
Reply: Hutchinson, Andrew: "RE: [Snort-devel] Elementry"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:06 EDT