[Snort-devel] snort rules

mayssa jemel jemel.mayssa at ...3292...
Tue May 29 09:31:16 EDT 2012


 hi to all, 
I am a student in telecomparis tech France and i am interresting on snort 
Actually, I am working on adding some functionnalities to snort  in my master project.
The idea is to add logic operatiors in the option field of snort rules to optimize the detection of attacks
For example rules become :

     alert tcp @src prtsrc -> @dest prtdest (content:"FFEE3499" or content: " FFEE5698"; msg:"*****") 



I really need your experience to help me know if the realisation is possible and what kind of modifications should i made in different 
snort files
Thanks in advance 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20120529/374c0f53/attachment.html>


More information about the Snort-devel mailing list