Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ASN1 question

From: Eric G <eric () nixwizard net>
Date: Wed, 19 Dec 2012 14:51:31 -0500
On Dec 18, 2012 3:40 PM, "Patrick Mullen" <pmullen () sourcefire com> wrote:


James,

ASN.1 stuff really has to be done using an SO rule.


I don't mean to thread hijack, but I thought SO rules were used solely for
rule obsfucation... your reply to the original question kind of implies
more advanced rule logic can be rolled into SO rules, presumably at the
expense of some performance in rule processing. Is that correct?

I'm just trying to strengthen my Snort Kung Fu a bit... didn't know SO
rules can be used like that

--
Eric

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: