Re: Rule Chaining

[Brian <bmc () snort org>]

On Thu, Feb 24, 2005 at 09:25:35PM -0800, Madhur Nagar wrote:
> 1. Rule Chaining - one rule calling another

FYI, most uses of activate/dynamic should be replaced with flowbits.
Sure flowbits only works on a single flow, but it works oh so much
better than activate/dynamic rules.

> 2. Stateful Checking - Checking for a content in say 10 packets and
> only if the content of all the 10 matches then take some action

Sure, thresholding can do this.

> 3. Remote Rule Updation

Sounds like you need snort-perl 1.0 :P.  Remote rule installation was
one of the primary features I added in my latest iteration of snort +
perl.

    http://www.shmoo.com/~bmc/software/snort-perl/

Brian


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users