[Snort-devel] Portscan2 suggestion
Kreimendahl, Chad J
Chad.Kreimendahl at ...1167...
Mon Oct 7 10:53:04 EDT 2002
Where is GID? Was speaking more towards being able to show all matches
for a specific signature by matching for the unique sig_id created.
Secrets? In an open source community..... Your communist leaders (RMS)
may come and take you away.
From: Chris Green [mailto:cmg at ...402...]
Sent: Monday, October 07, 2002 11:07 AM
To: Kreimendahl, Chad J
Cc: snort-devel at lists.sourceforge.net
Subject: Re: [Snort-devel] Portscan2 suggestion
"Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...> writes:
> Pattern matching in a database is resource intensive, and for people
> wanting to just watch for portscans, or to just list out all portscans
> and watch them in real-time, it makes it much more difficult.
In database stuff, just looking for a sid/gid is not pattern matching.
> I'd say for the vast majority of people using snort what you say
> works perfectly, but for those with massive amounts of data being
> collected (likely some of sourcefire's customers even) this could be
> something very useful
We have a much different set of loaders decoupled from snort. The
output systems however will have to grow and let us do more cool
> So, what kind of ideas are you all passing around for the output
Lots of things that we know well enough to not commit to publicly
until they are done :^). Mainly just extending what an output record
Chris Green <cmg at ...402...>
"Not everyone holds these truths to be self-evident, so we've worked
up a proof of them as Appendix A." -- Paul Prescod