Snort mailing list archives
Stream5 and Frag3 preprocessors
From: Pablo Cantos <pablocantos () gmail com>
Date: Wed, 9 Nov 2011 10:46:00 +0100
Hi all, Im just starting my End of College Project. Its going to be based on improving Snort performance by prefiltering the pattern matching stage with some Bloom's based algorithm. In order to do this, the packets need to be already defragmented and streamed, as if doing this before reaching Snort might sound good but would be extremely insecure. Thus, I want to take advantage of the work done by Stream5 and Frag3 preprocessors. My question is, where is the best place to do this? Should I implement this as a preprocessor itself or should I modify existing Pattern Matching calls to do it. This second task is a bit easier now as Sourcefire did a nice abstraction job to integrate Intel's QuicAssit Pattern Patcher, but I guess will be still easier to do so as a preprocessor. What do you guys suggest? Very thankful in advance.
------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Stream5 and Frag3 preprocessors Pablo Cantos (Nov 09)