Snort mailing list archives
(no subject)
From: sumit vora <sumitvora () yahoo co uk>
Date: Sun, 22 Feb 2004 23:32:13 +0000 (GMT)
Hi folks...

Can anyone tell me... When Snort is "examining" the content of a packet... What happens... does it hold the packet at the gateway, and look for one string, say "chmod", all over the packet, as one rule might supposedly say, then look for another, and another, and so on...?

Meaning, does it look for all strings of interest in all the 2000 rules that are now posted on the link at the same time, or does it hold the packet until each string of interest has been looked up (i.e. does it examine the packet payload several times for different strings, or just once, for all strings)...

And, if only once, for all strings, how does Snort take into account different depths to which the packet must be searched for different strings, and give a result without false positives?????????

Please folks... Serious doubt, and gotta get over it....

I'd appreciate any help...

Thanks,
Sumit.
Current thread:
- (no subject) jhally (Jan 26)
- <Possible follow-ups>
- (no subject) tony . williams (Jan 26)
- (no subject) Finney Charles E (Feb 16)
- (no subject) sumit vora (Feb 22)
- Re: (no subject) Keith W. McCammon (Feb 22)
- (no subject) marcio (Feb 23)
- (no subject) Kris (Mar 30)