Snort mailing list archives
Re: [SUSPECTED SPAM] Snort rules time
From: Darryle Merlette <merlette () niksun com>
Date: Fri, 1 Mar 2019 19:05:13 +0000
I believe he is asking for the run-time complexity of the string search algorithms done in Snort (Boyer-Moore, etc.) Probably a better question for the snort-devel list. Thanks, Darryle -------------------------------------------- Original message:
Date: Fri, 1 Mar 2019 15:32:48 +0000
From: "Joel Esler (jesler)" <jesler () cisco com<mailto:jesler () cisco com>>
To: Carl Nykvist <nykvistc () gmail com<mailto:nykvistc () gmail com>>
Cc: "snort-sigs () lists snort org<mailto:snort-sigs () lists snort org>" <snort-sigs () lists snort org<mailto:snort-sigs () lists snort org>>
Subject: Re: [Snort-sigs] [SUSPECTED SPAM] Snort rules time
complexity
Message-ID: <E3E99496-9BE2-4ED4-B4E1-A46F8A203AA9 () cisco com<mailto:E3E99496-9BE2-4ED4-B4E1-A46F8A203AA9 () cisco com>>
Content-Type: text/plain; charset="us-ascii"
How Snort handles "time complexity"
What do you mean?
On Mar 1, 2019, at 5:10 AM, Carl Nykvist via Snort-sigs <snort-sigs () lists snort org<mailto:snort-sigs () lists snort org>> wrote:
Hi!
Anyone here knows how snort handles time complexity to search and filter for specific rules quickly?
__________________________________________________________________________ Darryle Merlette, CISSP NIKSUN, Inc. Tel: +1 770-772-1613 http://www.niksun.com Cel: +1 908 510-3574 457 N. Harrison St. HQ: +1 609 936-9999 x3324 Princeton, NJ 08540 USA __________________________________________________________________________ **** CONFIDENTIALITY NOTICE **** This electronic mail message (and/or documents accompanying it) is the property of NIKSUN, Inc. and may contain confidential material for the sole use of NIKSUN and the intended recipient(s). Any review, use, distribution or disclosure by anyone other than an intended recipient is strictly prohibited. If you have received this communication in error, please contact the sender by e-mail and delete all copies of the message.
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- Re: [SUSPECTED SPAM] Snort rules time Darryle Merlette (Mar 01)