[Snort-devel] About Snort Set Based Rule Inspection And Parameterized search!

rico fear ricofear2000 at ...398...
Mon Apr 12 06:34:03 EDT 2004


Hi,

I know that you are all busy, but please, if anyone could kindly answer my question!

I read white papers from

http://www.sourcefire.com/technology/whitepapers.htm

  Snort 2.0 - Detection Revisited
  Snort 2.0 - High Performance Multi-Rule Inspection Engine
  Snort 2.0 - Rule Optimizer
  Snort 2.0 - Protocol Flow Analyzer

So that I could understand how Snort matches the incoming packet against the Rule Set, I have only one question; I need to know whether it's right or wrong.

As I understand from the papers, Snort divides rules into sets and subsets, then starts matching according to Set Based Rule Inspection combined with Parameterized search.

I really need to know exactly what the parameterized search is. And what will happen if a new rule is added: will this require updating the code?

 

Regards,

rico


