Re: [Snort-users] Wu-Manber, Aho-Corasick, Boyer Moore.
This is a discussion on Re: [Snort-users] Wu-Manber, Aho-Corasick, Boyer Moore. within the Snort forums, part of the System Security and Security Related category; At 05:50 AM 6/10/2004, kinek wrote: >Hey all, > >is it possible to select one ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
06-11-2004
|
|||
|
|||
Re: [Snort-users] Wu-Manber, Aho-Corasick, Boyer Moore.
At 05:50 AM 6/10/2004, kinek wrote:
>Hey all, > >is it possible to select one of the multi-pattern-search-algorithms >sophisticated for one Protokol? So that >for example the ICMP Packets are performed by Qu-Manber and UDP Packets by >Aho-Corasick. >Are there other possibilities to differentiate the use of these algorithms? > >How can i select one specific multi-pattern-search-algorithms? (even if it >is not possible to differentiate the use of it) It's not documented in the snort.conf file yet, but from the 2.1.2 source code of fpcreate.c: Search method is set using "config detect: search-method ac | mwm | auto" Where ac is Aho-Chorasick, and mwm is Modified Wu-Manber. It also seems to support "lowmem" which appears to end up using the Boyer Moore algorithm from looking at mpse.c (MPSE_LOWMEM results in the same behavior as MPSE_KTBM) However, it doesn't appear that you can select which one on a per-protocol basis. ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X. From Windows to Linux, servers to mobile, InstallShield X is the one installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
