
[Snort-devel] Snort Pattern-Matching Steps

From: <mcenroe(at)dli.ernet.in>
Date: Wed Feb 25 2004 - 00:17:57 EST


Hi,

I have read a 'Snort Internals' PDF file. In it they have written: 'Snort will check for the rule header and then it will check for the rule option'.

Why can we not do it the other way, like:

  1. Construct the TCP stream (part of or the full stream).
  2. Check for content or uricontent using the detection engine.
  3. If the content is there, check the rule header.

To my knowledge, in the network security field, I am not able to find a single statement for not selecting the above steps.

Thanks
McEnroe.


The greatest pleasure in life is doing what people say you cannot do.

Successful People Do Daily What Unsuccessful People Do Occasionally.

Office phone no.: 080 - 23600653/54/59, Ext.: 421. Alternative email id: itmcen@yahoo.com




Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Received on Wed Feb 25 00:20:24 2004

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:10 EDT

