Re: how to disable compile-time reload option?

[Joel Esler <jesler () sourcefire com>]

On 9/30/10 3:51 PM, "waldo kitty" <wkitty42 () windstream net> wrote:
> On 9/30/2010 15:40, Jefferson, Shawn wrote:
> > The Host Attribute Table is an awesome feature of newer versions of
> > Snort that allows you to import a table with your hosts, what services
> > they are running and on what ports.  A rule that targets http (specified
> > by the "service" tag) may then inspect traffic that isn't on the
> > traditional http ports, because snort knows that this host is running an
> > HTTP service and on which port.
> >
> > The trick is building the host table... There is Hogger which takes
> > nmap results and builds the table, and PRADS which passively listens on
> > your network and will build the table.  I'm using PRADS, since I have
> > some sensitive devices on my network that choke on an NMAP scan... it's
> > been working pretty well.
>
> ahhh... ok... i wasn't sure if it was that or if "attributes" was being
> used 
> generically to mean all or some of the snort.conf configuration options...
>
> thanks!

I'll put this in as a feature request for a future version of Snort.

Joel



------------------------------------------------------------------------------
Start uncovering the many advantages of virtual appliances
and start using them to simplify application deployment and
accelerate your shift to cloud computing.
http://p.sf.net/sfu/novell-sfdev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users