Snort mailing list archives

snort rules


From: mayssa jemel <jemel.mayssa () hotmail fr>
Date: Tue, 29 May 2012 14:31:16 +0100


Hi to all,
I am a student at Telecom ParisTech, France, and I am interested in Snort.
Actually, I am working on adding some functionalities to Snort in my master's project.
The idea is to add logic operators in the option field of Snort rules to optimize the detection of attacks.
For example, rules become:

     alert tcp @src prtsrc -> @dest prtdest (content:"FFEE3499" or content: " FFEE5698"; msg:"*****") 



I really need your experience to help me know if the realisation is possible and what kind of modifications I should make in the different Snort files.
Thanks in advance
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
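As an added illustration that is not part of the original post and is not Snort code, the Python sketch below prototypes the semantics the message proposes: `or` joins `content` terms inside one option, while `;`-separated options stay ANDed as in existing Snort rules. The function names, the sample rule and the plain case-sensitive substring matching (no content modifiers) are assumptions made for this example; `expand` shows that each OR-group can be rewritten as a set of ordinary AND-only pattern lists.

```python
import itertools
import re

# One term of the proposed syntax, e.g. content:"FFEE3499" (ASCII patterns only).
TERM = re.compile(r'content\s*:\s*"([^"]*)"')

def parse_options(option_field):
    """Return (msg, clauses) for an option field written in the proposed syntax.

    clauses is a list of OR-groups. Groups are ANDed together, the way Snort
    already combines ';'-separated options. Splitting on ';' is a
    simplification: patterns containing ';' are not handled.
    """
    msg, clauses = None, []
    for option in option_field.strip().strip("()").split(";"):
        option = option.strip()
        if not option:
            continue
        if option.startswith("msg"):
            msg = option.split(":", 1)[1].strip().strip('"')
            continue
        patterns = TERM.findall(option)
        separators = TERM.sub(" ", option).split()
        if not patterns or separators != ["or"] * (len(patterns) - 1):
            raise ValueError(f"unsupported option: {option!r}")
        clauses.append([p.encode("ascii") for p in patterns])
    return msg, clauses

def matches(clauses, payload):
    """True when every group has at least one of its patterns in the payload."""
    return all(any(p in payload for p in group) for group in clauses)

def expand(clauses):
    """Rewrite the OR-groups as the equivalent set of AND-only pattern lists."""
    return [list(combo) for combo in itertools.product(*clauses)]

# Constructed sample, modelled on the rule in the post.
SAMPLE = '(content:"FFEE3499" or content:"FFEE5698"; content:"GET"; msg:"demo")'

if __name__ == "__main__":
    msg, clauses = parse_options(SAMPLE)
    for payload in (b"GET /FFEE5698", b"GET /index", b"POST FFEE3499"):
        print(msg, payload, matches(clauses, payload))
    print(expand(clauses))
```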

