Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Snort-sigs] Possible improvements to pop3 rules.

From: Jeff Kell <jeff-kell () utc edu>
Date: Wed, 04 May 2005 01:15:19 -0400
Erik de Castro Lopo wrote:


So, two questions:

   0) Are rule optimisations like this valid?


YES YES YES!


   1) Are optimisations like this worthwhile?


YES YES YES!

And anybody out there who has a non-zero packet loss that tries to tell
you otherwise should be null-routed, dropped, rejected, and/or ignored!

It certainly isn't as "glamorous" or "cool" as trying to create the ever
elusive 0.0000001-day exploit signature, but it is certainly appreciated
by those of us without the time/energy/patience to re-create the wheel.

"We're really serious about reinventing everything that needs
reinventing." --Larry Wall

Faster is almost always better :-)

Jeff


-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games.
Get your fingers limbered up and give it your best shot. 4 great events, 4
opportunities to win big! Highest score wins.NEC IT Guy Games. Play to
win an NEC 61 plasma display. Visit http://www.necitguy.com/?r=20
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: