[Snort-sigs] how many rules are there for snort at the moment?

Matt Kettler mkettler at ...189...
Tue Jul 22 10:08:22 EDT 2003


At 04:55 PM 7/22/2003 +0100, Chatprechakul Mr N wrote:
>Hi,
>      I am doing a research relate to intrusion detection. I would like to
>know where can I access to all snort rules including document for each rule.
>I went to snort.org and there, it seem to show only part of the rules. I
>want to know because I want to count rules base on categorise for example
>icmp, udp, tcp or by type of attack. Please if anyone know please give me
>some advise.
>Regards,
>Nattapon

If you go to the website you can download a tarball with all the latest rules:
http://www.snort.org/dl/rules/

 From there you can easily grep the files to break out all the rules by type.

There are a large number of rules with no documentation at this time, but 
there's been a massive effort to encourage people to write rule docs. It's 
still a work in progress.





More information about the Snort-sigs mailing list