[Snort-devel] About Snort Set Based Rule Inspection And Parameterized search!
marc.norton at ...402...
Wed Apr 14 06:44:00 EDT 2004
You do not have to change the code to add rules, unless you are adding
new rule options to the rules language. The term parameterized search
refers to the process of testing each rule option in order.
From: snort-devel-admin at lists.sourceforge.net
[mailto:snort-devel-admin at lists.sourceforge.net] On Behalf Of rico fear
Sent: Sunday, April 11, 2004 4:16 AM
To: snort-devel at lists.sourceforge.net
Subject: [Snort-devel] About Snort Set Based Rule Inspection And
I know that you are all busy,
but please, if anyone could kindly answer my question!
I read white papers from
Snort 2.0 - Detection Revisited
Snort 2.0 - High Performance Multi-Rule Inspection Engine
Snort 2.0 - Rule Optimizer
Snort 2.0 - Protocol Flow Analyzer
So that I could understand how Snort matches the incoming
packet against the rule set.
I have only one question; I need to know whether it's right.
As I understand from the papers, Snort divides rules
into sets and subsets, then starts matching according to
Set Based Rule Inspection combined with Parameterized search.
I really need to know exactly what the parameterized search is,
and what will happen if a new rule is added: will this require
updating the code?
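
The flow discussed in this thread, as an added example that is not part of the original messages and is not Snort's code: a simplified Python model in which rules are grouped into per-port sets, a content pre-check stands in for the multi-pattern matcher, and each surviving rule's options are tested in order. The class, the option names (`dsize_gt`, `flags`), the rule ids and the packet are constructed assumptions.

```python
"""Simplified model: set-based rule selection, then parameterized search."""
# Rule ids, ports, option names and the packet are constructed for illustration.
# One handler per rule-option keyword; this table is the only part that is code.
OPTION_HANDLERS = {
    "content": lambda pkt, arg: arg in pkt["payload"],
    "dsize_gt": lambda pkt, arg: len(pkt["payload"]) > arg,
    "flags": lambda pkt, arg: pkt["flags"] == arg,
}

class RuleEngine:
    def __init__(self):
        self.sets = {}  # destination port -> list of rules (one rule set per port)

    def add_rule(self, sid, dst_port, options):
        """Rules are data: adding one changes no code unless a keyword is new."""
        for keyword, _ in options:
            if keyword not in OPTION_HANDLERS:
                raise ValueError(f"rule option {keyword!r} has no handler")
        self.sets.setdefault(dst_port, []).append((sid, list(options)))

    def candidates(self, pkt):
        """Set-based step: take the port's rule set, keep rules whose first
        content pattern occurs in the payload (rules without content stay in)."""
        rule_set = self.sets.get(pkt["dst_port"], [])
        patterns = {arg for _, opts in rule_set for k, arg in opts if k == "content"}
        # Stand-in for a single multi-pattern pass over the payload.
        present = {p for p in patterns if p in pkt["payload"]}
        keep = []
        for sid, opts in rule_set:
            first = next((arg for k, arg in opts if k == "content"), None)
            if first is None or first in present:
                keep.append((sid, opts))
        return keep

    def inspect(self, pkt):
        """Parameterized search: test each option in order, stop at first miss."""
        alerts = []
        for sid, opts in self.candidates(pkt):
            if all(OPTION_HANDLERS[k](pkt, arg) for k, arg in opts):
                alerts.append(sid)
        return alerts

def demo():
    engine = RuleEngine()
    engine.add_rule(1001, 80, [("content", b"/etc/passwd"), ("dsize_gt", 20)])
    engine.add_rule(1002, 80, [("flags", "S")])
    engine.add_rule(1003, 21, [("content", b"USER root")])
    pkt = {"dst_port": 80, "flags": "PA", "payload": b"GET /../../etc/passwd HTTP/1.0"}
    return engine, pkt, engine.inspect(pkt)
```

Calling `add_rule` with existing keywords extends a rule set at run time, while a keyword missing from `OPTION_HANDLERS` is rejected until a handler is written for it.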