Snort mailing list archives
Re: Rule efficiency
From: Alex Tatistcheff <alext () pobox com>
Date: Tue, 7 Sep 2010 08:43:37 -0600
On Mon, Jul 26, 2010 at 3:09 PM, Isherwood, Jeffrey - IS < Jeffrey.Isherwood () itt com> wrote:
> LoL ;) well, while the outside hosts should not make it past the firewalls etc... I'd like to know that they are trying... so I am looking for traffic bi-directionally. I do not have access to the DNS servers... and since many of the domains I'm chasing are dynamic... without access to DNS I'm stuck watching for content... And yes... even if the domains are down, I'm very interested in hosts internally that might be looking for crappydomain.com and its friends
>
> -----Original Message-----
> From: waldo kitty [mailto:wkitty42 () windstream net]
> Sent: Monday, July 26, 2010 3:38 PM
> To: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Rule efficiency
>
> a quick question concerning your task... is this concerning sites that you host/hosted so you are looking for inbound traffic to them or are these sites that the corporate entity has placed "out of bounds" and you are looking for outbound traffic to them?
>
> if the sites were hosted and are no longer available, what is the reasoning for looking for traffic headed to them? why not just dump the DNS entries for them and close up the sites... if they're down, what does it matter that something out there is using an old list... hummm... unless maybe they were C&C centers and one is now attempting to find the culprit botherder... hummm...
>
> This e-mail and any files transmitted with it may be proprietary and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error please notify the sender. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of ITT Corporation. The recipient should check this e-mail and any attachments for the presence of viruses. ITT accepts no liability for any damage caused by any virus transmitted by this e-mail.
Alex, you mentioned regarding the fast pattern matcher that "the patterns used are based on the port used in the rule." Is this just the destination port, source port or source/destination combination?

Thanks!
Alex Tatistcheff
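For readers following the content-matching approach Jeffrey describes (no DNS server access, so the domain name itself is the thing to watch for), here are two Snort 2 rules added as an illustration. They are not rules posted in this thread: crappydomain.com is the thread's own placeholder name, the SIDs are made up, and the $HOME_NET / $HTTP_PORTS variables are assumed to be set in snort.conf. The DNS rule relies on the wire encoding of a query name (each label is prefixed by its length byte and the name ends in a zero byte), which is what makes the pattern specific enough to be a useful fast_pattern candidate.

```snort
# Outbound DNS query for crappydomain.com (or any subdomain of it).
# In the DNS question section the name is encoded as length-prefixed labels,
# so "crappydomain.com" is |0c|crappydomain|03|com|00| (12 = 0x0c, 3 = 0x03).
# Giving the rule a real destination port instead of "any" keeps it in the
# UDP/53 port group rather than the catch-all group checked on every packet.
alert udp $HOME_NET any -> any 53 (msg:"POLICY DNS query for crappydomain.com"; \
    content:"|0c|crappydomain|03|com|00|"; nocase; fast_pattern; \
    classtype:policy-violation; sid:1000001; rev:1;)

# Outbound HTTP request whose Host header names the domain. Both content
# matches are restricted to the normalized header buffer, and the longer,
# more specific string is marked as the fast pattern.
alert tcp $HOME_NET any -> any $HTTP_PORTS (msg:"POLICY HTTP Host crappydomain.com"; \
    flow:established,to_server; \
    content:"Host|3a|"; nocase; http_header; \
    content:"crappydomain.com"; nocase; http_header; fast_pattern; \
    classtype:policy-violation; sid:1000002; rev:1;)
```

Because the domains in question are dynamic and may already be down, the DNS rule is the one most likely to fire: an internal host that still tries to resolve the name produces a query even when nothing answers, which is exactly the "who is still looking for it" signal Jeffrey wants.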