[Snort-devel] re: Poor-man's port list

Daniel J. Roelker droelker at ...402...
Mon Feb 2 08:26:11 EST 2004


Ostling's patch works fine as an implementation of port lists for those
that aren't worried about performance.  I'd suggest you read my earlier
post in this mailing list about why we haven't officially incorporated
it into snort.  In short, this work needs to be done in the high-speed
detection engine so we keep our speed.  It's not just a parsing issue,
where we add multiple rules for each port in the list.

The port list feature is definitely a feature we'll be adding in the
future.  But it will probably be done by either Marc or me because it
affects the high speed detection engine.

For a fix now, just use Ostling's patch.  It provides the functionality
you're looking for.

Dan

On Mon, 2004-02-02 at 10:57, Dave Randolph wrote:
> Hi.
> Has anyone experimented with Andreas' patch for implementing the port lists?  I have been doing some thinking about a way to help implement this feature but if his code looks like it's working ok I don't want to re-invent the wheel.
> thanks!!
> 
> Dave Randolph              Northstar Bank of Texas
> Master Geek                400 N. Carroll
> drandolph at ...2361...    Denton, Tx 76201
>                            940 591 1200
>  
> #####################################################################################
> 
> This email has been scanned by MailMarshal, an email content filter. 
> Please contact Administrator at ...2361... if you have any questions or 
> comments. Thank you.
> #####################################################################################
> 
> 
> -------------------------------------------------------
> The SF.Net email is sponsored by EclipseCon 2004
> Premiere Conference on Open Tools Development and Integration
> See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
> http://www.eclipsecon.org/osdn
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 
-- 
Daniel Roelker
Software Developer
Sourcefire, Inc.





More information about the Snort-devel mailing list