Snort mailing list archives

Re: [SUSPECTED SPAM] Snort rules time complexity


From: Carl Nykvist via Snort-sigs <snort-sigs () lists snort org>
Date: Fri, 1 Mar 2019 19:59:23 +0100

Hi!

When Snort looks at traffic, it filters maybe on IP address to see if any
rules match the traffic. But it can't go through each rule and it needs to
do this process quickly, otherwise it would take very long and the
complexity would be O(n). So I wonder what Snort is using to filter and
search for which rules match the traffic in as fast a way as possible.

On Fri, 1 Mar 2019 at 16:32, Joel Esler (jesler) <jesler () cisco com> wrote:

How Snort handles "time complexity"
What do you mean?



On Mar 1, 2019, at 5:10 AM, Carl Nykvist via Snort-sigs <
snort-sigs () lists snort org> wrote:

Hi!

Does anyone here know how Snort handles time complexity to search and filter
for specific rules quickly?

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules:
https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make
sure to stay up to date to catch the most emerging threats:
https://snort.org/downloads/#rule-downloads

