Snort mailing list archives
Re: flow rule
From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 30 Sep 2003 11:50:25 -0400
At 05:44 PM 9/29/2003, Tantravahi Venkata Aditya wrote:
About the flow rule: what are the differences between the options to_client and from_server?
to_client and from_server are the same; however, you could say it's a matter of style which one you use.
In some rules you might want to use "from_server" just to imply that it's exploits against the server you are concerned about. "to_client" generally implies you're concerned about exploits against the client. However, they are interchangeable, and the difference will only be in the eyes of a human reading the rule.
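An added example, not part of the original post or of Snort itself: since the two spellings are interchangeable, a ruleset audit can fold them into one form before comparing rules, so that entries differing only in the alias (and in sid/rev) show up as duplicates. The to_server/from_client pairing comes from the Snort manual rather than from this thread, and the rule text, messages and sids below are constructed.

```python
import re

# to_client == from_server is what the post states; to_server == from_client
# is the matching pair from the Snort manual (assumption beyond the post).
FLOW_ALIASES = {"from_server": "to_client", "from_client": "to_server"}

# "flow:" followed by its comma-separated keywords; does not match "flowbits:".
FLOW_RE = re.compile(r"\bflow\s*:\s*([^;]+);")
# sid and rev identify a rule but do not change what it matches.
ID_RE = re.compile(r"\b(?:sid|rev)\s*:\s*\d+\s*;\s*")


def canonical_flow(rule):
    """Rewrite flow direction aliases to a single spelling, keeping keyword order."""
    def fix(match):
        words = [w.strip().lower() for w in match.group(1).split(",") if w.strip()]
        return "flow:" + ",".join(FLOW_ALIASES.get(w, w) for w in words) + ";"
    return FLOW_RE.sub(fix, rule)


def rule_key(rule):
    """Comparison key: canonical flow, no sid/rev, whitespace collapsed."""
    return " ".join(ID_RE.sub("", canonical_flow(rule)).split())


def duplicate_groups(rules):
    """Return lists of indexes of rules that are identical after normalization."""
    groups = {}
    for index, rule in enumerate(rules):
        groups.setdefault(rule_key(rule), []).append(index)
    return [indexes for indexes in groups.values() if len(indexes) > 1]


# Constructed sample rules: 0 and 1 differ only in the flow alias and sid.
TEMPLATE = ('alert tcp $EXTERNAL_NET 80 -> $HOME_NET any '
            '(msg:"EXAMPLE marker in response"; flow:{flow},established; '
            'content:"example-marker"; sid:{sid}; rev:1;)')
SAMPLE_RULES = [
    TEMPLATE.format(flow="from_server", sid=1000001),
    TEMPLATE.format(flow="to_client", sid=1000002),
    TEMPLATE.format(flow="to_server", sid=1000003),
]

if __name__ == "__main__":
    for group in duplicate_groups(SAMPLE_RULES):
        print("equivalent rules at indexes", group)
```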