Re: Snort's modules

[Joel Esler <jesler () sourcefire com>]

On Jul 25, 2012, at 8:58 AM, Pratik Narang <pratik.cse.bits () gmail com> wrote:

> I have been playing around with Snort for a while now. I am beginning to wonder that apart from its Signatures being 
> its biggest strength, what else are the things on which Snort relies upon? Prima facie, the preprocessor modules 
> don't involve signatures- am I right here? Does Snort have an Anomaly engine?? If not, i would be interested in 
> knowing how all the network stuff which cannot be detected via signatures (or you may say that I do not wish to use 
> signatures) can be detected with Snort?

Snort can detect many things without looking into its rules engine. Obviously, as you said the ruleset being one of the 
most effective pieces of Snort. 

The preprocessors can be considered anomaly detection most definitely. If you look at the alerts that it generates. 
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!