[Snort-sigs] Behavioral-based detection

Цвиркун Д.В. dim_c at ...2033...
Sat Nov 22 06:59:02 EST 2003


How can I create rules which will raise an alarm on certain
behaviour of a data stream (high amount of inbound/outbound data; small but
frequent amounts of inbound/outbound data; requests/responses are sent too
frequently or are sent at a curious static interval; one "user" requests a
small quantity of external resources too frequently)?

Thanks




