[Snort-devel] snort rules

Richard Bejtlich taosecurity at ...2499...
Tue May 29 14:19:27 EDT 2012


Why not write two Snort rules?

Richard

On Tuesday, May 29, 2012, mayssa jemel wrote:

> Hi to all,
>
> I am a student at Telecom ParisTech, France, and I am interested in Snort.
>
> Actually, I am working on adding some functionalities to Snort in my
> master project.
>
> The idea is to add logic operators in the option field of Snort rules to
> optimize the detection of attacks.
>
> For example, rules become:
>
>      alert tcp @src prtsrc -> @dest prtdest (content:"FFEE3499" *or*
> content: " FFEE5698"; msg:"*****")
>
> I really need your experience to help me know if the realisation is
> possible and what kind of modifications I should make in different
> Snort files.
>
> Thanks in advance
>