Re: Help with a rule

[Kyle Creyts <kyle.creyts () gmail com>]

+1, flow analysis/session analysis seem like the right paths to examine.


On Tue, Dec 10, 2013 at 10:09 AM, lists () packetmail net <lists () packetmail net
> wrote:

> On 12/10/2013 11:20 AM, Tyler MacPherson wrote:
> > Any suggestions?
>
> I wouldn't use Snort for this, I'd use another method -- perhaps
> daemonlogger
> flow analysis, libnids, netflow, lib-pcap based session tracking, etc.
>  Snort
> isn't the right tool here.
>
> Cheers,
> Nathan
>
>
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT
> organizations don't have a clear picture of how application performance
> affects their revenue. With AppDynamics, you get 100% visibility into your
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
> Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!



-- 
Kyle Creyts

Information Assurance Professional
Founder BSidesDetroit

------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!