Snort mailing list archives
Re: ASN1 question
From: Eric G <eric () nixwizard net>
Date: Wed, 19 Dec 2012 14:51:31 -0500
On Dec 18, 2012 3:40 PM, "Patrick Mullen" <pmullen () sourcefire com> wrote:
James, ASN.1 stuff really has to be done using an SO rule.
I don't mean to thread hijack, but I thought SO rules were used solely for rule obsfucation... your reply to the original question kind of implies more advanced rule logic can be rolled into SO rules, presumably at the expense of some performance in rule processing. Is that correct? I'm just trying to strengthen my Snort Kung Fu a bit... didn't know SO rules can be used like that -- Eric
------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- ASN1 question James Lay (Dec 18)
- Re: ASN1 question Patrick Mullen (Dec 18)
- Re: ASN1 question James Lay (Dec 18)
- Re: ASN1 question Eric G (Dec 19)
- Re: ASN1 question Joel Esler (Dec 19)
- Re: ASN1 question Eric G (Dec 19)
- Re: ASN1 question Patrick Mullen (Dec 18)