Snort mailing list archives
snort rules
From: mayssa jemel <jemel.mayssa () hotmail fr>
Date: Tue, 29 May 2012 14:31:16 +0100
hi to all, I am a student in telecomparis tech France and i am interresting on snort Actually, I am working on adding some functionnalities to snort in my master project. The idea is to add logic operatiors in the option field of snort rules to optimize the detection of attacks For example rules become : alert tcp @src prtsrc -> @dest prtdest (content:"FFEE3499" or content: " FFEE5698"; msg:"*****") I really need your experience to help me know if the realisation is possible and what kind of modifications should i made in different snort files Thanks in advance
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- snort rules mayssa jemel (May 29)
- Re: snort rules Richard Bejtlich (May 29)