[Snort-devel] Multi-Packet detection code
movits at ...622...
Tue Aug 21 12:47:00 EDT 2001
On Friday 17 August 2001 06:13, anonpoet wrote:
> spp_conversation takes alot less CPU time than stream4, but I wonder if
> it still would be cheaper after I the other features.
You would probably be interested in how libnids does exactly what you are
> jason at ...506...
> On 17 Aug 2001 17:36:25 -0400, tlewis at ...255... wrote:
> > On 17 Aug 2001, anonpoet wrote:
> > > Well, I just started testing an engine that will detect packets across
> > > multiple packets. I'm going to stick it in the next version of
> > > Hogwash. I was wondering if anyone here was interested.
> > It definitely sounds like an improvement over what snort does presently,
> > but I wonder why you would make it part of Hogwash? Aren't there other
> > parts of snort than pattern-matching that could benefit from such
> > data continuity?
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
Mordy Ovits Give a man a fish, he owes you one fish.
Network Security Teach a man to fish, and you give up
Bloomberg L.P. your monopoly on fisheries.
More information about the Snort-devel