Re: [Snort-users] Rule Chaining
This is a discussion on Re: [Snort-users] Rule Chaining within the Snort forums, part of the System Security and Security Related category; On Thu, Feb 24, 2005 at 09:25:35PM -0800, Madhur Nagar wrote: > 1. Rule Chaining - one rule calling ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-25-2005
|
|||
|
|||
Re: [Snort-users] Rule Chaining
On Thu, Feb 24, 2005 at 09:25:35PM -0800, Madhur Nagar wrote:
> 1. Rule Chaining - one rule calling another FYI, most uses of activate/dynamic should be replaced with flowbits. Sure flowbits only works on a single flow, but it works oh so much better than activate/dynamic rules. > 2. Stateful Checking - Checking for a content in say 10 packets and > only if the content of all the 10 matches then take some action Sure, thresholding can do this. > 3. Remote Rule Updation Sounds like you need snort-perl 1.0 :P. Remote rule installation was one of the primary features I added in my latest iteration of snort + perl. http://www.shmoo.com/~bmc/software/snort-perl/ Brian ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
