Re: open-test.conf

[Joel Esler <jesler () sourcefire com>]

On Nov 27, 2012, at 9:35 PM, waldo kitty <wkitty42 () windstream net> wrote:

> > One of the many benefits if using PP is flowbit dependency resolution!
>
> that's what i keep hearing... however, i note that it is one way only... rules 
> that set flowbits and are explicitly turned off get turned on instead of the 
> rules checking the flowbit getting turned off... that's ok in some cases but not 
> good in others…

If you want it turned off, make sure you turn off the whole chain yourself.  Otherwise, I'd want it on!

> in reality, both should be handled by a human... especially 
> since snort reports them and humans are supposedly monitoring snort's log output ;)

Yeah right.  ;)

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefireh

------------------------------------------------------------------------------
Keep yourself connected to Go Parallel: 
INSIGHTS What's next for parallel hardware, programming and related areas?
Interviews and blogs by thought leaders keep you ahead of the curve.
http://goparallel.sourceforge.net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!