Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DFA construction in Snort

From: Hui Cao <hcao () sourcefire com>
Date: Mon, 23 Sep 2013 10:48:14 -0400
Hi Maleeha,

Where did you hear snort make DFA on the fly? Rules are compiled
before they are evaluated. In some cases, such as SMTP boundary
checking, it will be compiled on real time, because boundary is
dynamic.

Best,
Hui.

On Sun, Sep 22, 2013 at 3:35 AM, Maleeha N <beenish.raza () hotmail com> wrote:

Hy!

 I have heard that snort makes DFAs on real time. What does it mean by real
time? Shouldn't the DFAs be built before the packets arrive? Like if we have
a regular expression defined for some attack then its DFA should already be
there before the packet comes. So, that when such packet arrives then the
packet with that particular attack be identified on urgent basis.

------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack
includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/22/13.
http://pubads.g.doubleclick.net/gampad/clk?id=64545871&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!


------------------------------------------------------------------------------
LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99!
1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint
2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes
Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. 
http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: