[Snort-devel] About Snort Set Based Rule Inspection And Parameterized search!

rico fear ricofear2000 at ...398...
Mon Apr 12 06:34:03 EDT 2004


I know that you are all busy, but please, if anyone could kindly answer my question!

I read the white papers

  Snort 2.0 - Detection Revisited
  Snort 2.0 - High Performance Multi-Rule Inspection Engine
  Snort 2.0 - Rule Optimizer
  Snort 2.0 - Protocol Flow Analyzer

so that I could understand how Snort matches the incoming packet against the rule set. I have only one question; I need to know whether it’s right or wrong.


As I understand from the papers, Snort divides rules into sets and subsets, then starts matching according to Set Based Rule Inspection combined with Parameterized search.


I really need to know exactly what the parameterized search is. And what will happen if a new rule is added: will this require updating the code?



