Snort mailing list archives
Re: snort rules
From: Richard Bejtlich <taosecurity () gmail com>
Date: Tue, 29 May 2012 14:19:27 -0400
Why not write two Snort rules?

Richard

On Tuesday, May 29, 2012, mayssa jemel wrote:
Hi to all,

I am a student at Telecom ParisTech, France, and I am interested in Snort. Actually, I am working on adding some functionalities to Snort in my master's project. The idea is to add logic operators in the option field of Snort rules to optimize the detection of attacks.

For example, rules become:

alert tcp @src prtsrc -> @dest prtdest (content:"FFEE3499" *or* content: " FFEE5698"; msg:"*****")

I really need your experience to help me know if the realisation is possible and what kind of modifications I should make in different Snort files.

Thanks in advance
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Please visit http://blog.snort.org for the latest news about Snort!
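
The "or" from the question expressed in existing Snort 2 rule syntax, as an added example that is not part of the original thread: first as the two rules the reply suggests, then as a single rule using a `pcre` alternation. The `any` address and port fields, the `msg` text and the `sid` values are constructed placeholders, and the leading space in the second quoted string of the post is assumed to be a typo.

```snort
# Added illustration; sids, msg text and the "any" fields are constructed.

# Option 1: one rule per alternative. Each content string is handled by the
# fast pattern matcher on its own.
alert tcp any any -> any any (msg:"LOCAL pattern FFEE3499"; content:"FFEE3499"; sid:1000001; rev:1;)
alert tcp any any -> any any (msg:"LOCAL pattern FFEE5698"; content:"FFEE5698"; sid:1000002; rev:1;)

# Option 2: a single rule. content anchors on the shared prefix so the rule
# still has a fast pattern, and pcre checks the alternation on packets that
# already contain that prefix.
alert tcp any any -> any any (msg:"LOCAL pattern FFEE3499 or FFEE5698"; content:"FFEE"; pcre:"/FFEE(3499|5698)/"; sid:1000003; rev:1;)
```

If a packet contains both strings, option 1 raises two alerts while option 2 raises one.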