Re: how to disable compile-time reload option?

["Jefferson, Shawn" <Shawn.Jefferson () bcferries com>]

The Host Attribute Table is an awesome feature of newer versions of Snort that allows you to import a table with your 
hosts, what services they are running and on what ports.  A rule that targets http (specified by the "service" tag) may 
then inspect traffic that isn't on the traditional http ports, because snort knows that this host is running an HTTP 
service and on which port.

The trick is building the host table... There is Hogger which takes nmap results and builds the table, and PRADS which 
passively listens on your network and will build the table.  I'm using PRADS, since I have some sensitive devices on my 
network that choke on an NMAP scan... it's been working pretty well.


-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net] 
Sent: Thursday, September 30, 2010 11:58 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] how to disable compile-time reload option?

<snip>

speaking of the above, what exactly is "attributes"?


------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users