Snort mailing list archives
Re: [RE] Snort rules maximum rules per file
From: Hussein Bahaidarah <husseinb () gmail com>
Date: Fri, 15 Jul 2011 17:48:48 +0300
Sorry for late response as I was out of country. the file is huge and it is basically derived from the URL list: http://urlblacklist.com/?sec=download On Jul 2, 2011, at 5:12 AM, 김무성 wrote: nice. can you give me your rule file? It's very interesting. ----- Original Message ----- From : "Hussein Bahaidarah" <husseinb () gmail com> To : snort-users () lists sourceforge net Sent : 20110626024436 Subject : [Snort-users] Snort rules maximum rules per file Hello, Is there a limit on the number of rules support by snort in general? and on per file basis? I have customized a file with 942099 rules and it took about 15 minutes to start snort; but no alerts or actions wer fired. +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... 942099 Snort rules read 942099 detection rules 0 decoder rules 0 preprocessor rules 942099 Option Chains linked into 1 Chain Headers 0 Dynamic rules +++++++++++++++++++++++++++++++++++++++++++++++++++ +-------------------[Rule Port Counts]--------------------------------------- | tcp udp icmp ip | src 0 0 0 0 | dst 942099 0 0 0 | any 0 0 0 0 | nc 0 0 0 0 | s+d 0 0 0 0 +---------------------------------------------------------------------------- -- Regards, Hussein Bahaidara ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense.. http://p.sf.net/sfu/splunk-d2d-c1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation
------------------------------------------------------------------------------ AppSumo Presents a FREE Video for the SourceForge Community by Eric Ries, the creator of the Lean Startup Methodology on "Lean Startup Secrets Revealed." This video shows you how to validate your ideas, optimize your ideas and identify your business strategy. http://p.sf.net/sfu/appsumosfdev2dev
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please see http://www.snort.org/docs for documentation
Current thread:
- [RE] Snort rules maximum rules per file 김무성 (Jul 01)
- Re: [RE] Snort rules maximum rules per file Hussein Bahaidarah (Jul 15)