[Snort-devel] IXA Port

Matthew Watchinski mwatchinski at ...402...
Sun Feb 11 11:38:43 EST 2007


To be more helpful I would need additional information on the IXP family
and what additional chips you plan on using along side it.

But here are some general things to think about.

1. Stream reassembly.  Most Network Processors don't have the ability to
reassemble streams they are per packet inspection engines.  This isn't
that useful in IPS/IDS

2. Fragmentation support. Some NPC's support this, some don't.

3. Full Regex Support.  If you don't have regular expression support it
will be very difficult to support converting any snort rules.

4. Multi-Ordered Content Matches - If your NPC supports content matching
does it support functionality like the relative keyword in the snort
rules language.

Cheers,
-matt

justin.latham at ...2499... wrote:
> Hello all,
> I'm relatively new to Snort, and as part of my master's thesis, I am 
> going to attempt to port at least the detection engine to an IXA (Intel 
> Internet Exchange Architecture) network processor appliance.  I am 
> curious if anybody knows of any previous work done in this area or if 
> any of the more experienced users have any advice they may want to offer.
> 
> Thanks,
> Justin Latham
> 
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier.
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 





More information about the Snort-devel mailing list