Re: snort rules

[Richard Bejtlich <taosecurity () gmail com>]

Why not write two Snort rules?

Richard

On Tuesday, May 29, 2012, mayssa jemel wrote:

> hi to all,
>
>
> I am a student in telecomparis tech France and i am interresting on snort
>
>
> Actually, I am working on adding some functionnalities to snort  in my
> master project.
>
>
> The idea is to add logic operatiors in the option field of snort rules to
> optimize the detection of attacks
>
>
> For example rules become :
>
>
>
>      alert tcp @src prtsrc -> @dest prtdest (content:"FFEE3499" *or*
> content: " FFEE5698"; msg:"*****")
>
>
>
>
>
> I really need your experience to help me know if the realisation is
> possible and what kind of modifications should i made in different
>
>
> snort files
>
>
> Thanks in advance
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!