[Snort-devel] snort rules
jemel.mayssa at ...3292...
Tue May 29 09:31:16 EDT 2012
hi to all,
I am a student in telecomparis tech France and i am interresting on snort
Actually, I am working on adding some functionnalities to snort in my master project.
The idea is to add logic operatiors in the option field of snort rules to optimize the detection of attacks
For example rules become :
alert tcp @src prtsrc -> @dest prtdest (content:"FFEE3499" or content: " FFEE5698"; msg:"*****")
I really need your experience to help me know if the realisation is possible and what kind of modifications should i made in different
Thanks in advance
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel