Snort mailing list archives

Re: [RE] Snort rules maximum rules per file


From: Hussein Bahaidarah <husseinb () gmail com>
Date: Fri, 15 Jul 2011 17:48:48 +0300

Sorry for the late response, as I was out of the country.
The file is huge and it is basically derived from the URL list: http://urlblacklist.com/?sec=download


On Jul 2, 2011, at 5:12 AM, 김무성 wrote:

nice.
 
can you give me your rule file?
It's very interesting.

----- Original Message -----
From : "Hussein Bahaidarah" <husseinb () gmail com> 
To : snort-users () lists sourceforge net 
Sent : 20110626024436
Subject : [Snort-users] Snort rules maximum rules per file

Hello,

Is there a limit on the number of rules supported by Snort in general, and on a per-file basis? I have customized a file 
with 942099 rules and it took about 15 minutes to start Snort, but no alerts or actions were fired.

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
942099 Snort rules read
    942099 detection rules
    0 decoder rules
    0 preprocessor rules
942099 Option Chains linked into 1 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

+-------------------[Rule Port Counts]---------------------------------------
|             tcp     udp    icmp      ip
|     src       0       0       0       0
|     dst  942099       0       0       0
|     any       0       0       0       0
|      nc       0       0       0       0
|     s+d       0       0       0       0
+----------------------------------------------------------------------------
-- 
Regards,
Hussein Bahaidara
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation

