Re: [Snort-users] Rule Chaining

At 12:25 AM 2/25/2005, Madhur Nagar wrote:
>Hi
>I wanted to knw that does SNORT allow
>1. Rule Chaining - one rule calling another

Not that I'm aware of.

>2. Stateful Checking - Checking for a content in say
>10 packets and only if the content of all the 10
>matches then take some action

No, but this can be approximated with the threshold keyword.

>3. Remote Rule Updation


Eh? "rule updating"? Yes, snort rules can be updated, but that's done
outside of snort. There's even a handy tool called oinkmaster to help
automate it.


>I would also be grateful if someone could please tell
>me in which files is the source code for the rules
>related to the above topics

Sorry, I don't know off the top of my head.. do some grepping for threshold
in the code.



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users