Snort mailing list archives

Re: Can snort calculate on-the-fly-md5sum ?


From: Pratik Narang <pratik.cse.bits () gmail com>
Date: Wed, 3 Oct 2012 20:19:03 +0530

On Wed, Oct 3, 2012 at 8:09 PM, Balasubramaniam Natarajan <
bala150985 () gmail com> wrote:

Hi Snort Users,

I was looking at the website http://suricata-ids.org/ and I was wondering
if Snort has similar capabilities? If yes, could you point me at a link
which helps me to set up the same?

*3. File Identification, MD5 Checksums, and File Extraction*

Suricata can identify thousands of file types while crossing your network!
Not only can you identify it, but should you decide you want to look at it
further you can tag it for extraction and the file will be written to disk
with a meta data file describing the capture situation and flow. The file’s
MD5 checksum is calculated on the fly, so if you have a list of md5 hashes
you want to keep in your network, or want to keep out, Suricata can find it.

PS: I am not here to ask which IDS/IPS is best. However, I am coming in
from a learning perspective, so please don't mistake me.


That would have been an interesting question although ;)



--
Regards,
Balasubramaniam Natarajan
www.etutorshop.com/moodle/



------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

