[Snort-devel] Multi-Packet detection code

Mordechai Ovits movits at ...622...
Tue Aug 21 12:47:00 EDT 2001


On Friday 17 August 2001 06:13, anonpoet wrote:
> spp_conversation takes a lot less CPU time than stream4, but I wonder if
> it still would be cheaper after I the other features.

You would probably be interested in how libnids does exactly what you are 
doing:

http://www.packetfactory.net/Projects/Libnids/

Mordy



> Jason
> jason at ...506...
>
> On 17 Aug 2001 17:36:25 -0400, tlewis at ...255... wrote:
> > On 17 Aug 2001, anonpoet wrote:
> > > Well, I just started testing an engine that will detect packets across
> > > multiple packets.  I'm going to stick it in the next version of
> > > Hogwash. I was wondering if anyone here was interested.
> >
> > It definitely sounds like an improvement over what snort does presently,
> > but I wonder why you would make it part of Hogwash?  Aren't there other
> > parts of snort than pattern-matching that could benefit from such
> > data continuity?

-- 
Mordy Ovits           Give a man a fish, he owes you one fish. 
Network Security   Teach a man to fish, and you give up
Bloomberg L.P.       your monopoly on fisheries.
