[Snort-sigs] Connecting signatures?

Chris Kronberg smil at ...1754...
Sun Aug 29 07:08:08 EDT 2004


On Sun, 29 Aug 2004, Keith W. McCammon wrote:
> 
> I believe that activate/dynamic rules are still an option in the
> current release.  You can read about these in the manual:
> http://www.snort.org/docs/snort_manual/node16.html.  Note, however,
> that these may not be around in future releases.

   The activate/dynamic rules are still there; they work, but they
   don't do what I want. Yes, number 1 activates number 2, but as
   with tagging, just to capture more of the traffic. At least
   according to the manual there is nothing more about that.
   I tried to convince the second rule to give at least a message
   but to no avail.
   If there is a way to accomplish my goal with these tags I'd
   love to hear about that.

   Cheers,

                                                 Chris Kronberg.


> On Sun, 29 Aug 2004 09:02:43 +0200 (CEST), Chris Kronberg
> <smil at ...1754...> wrote:
>>
>>    Hi,
>>
>>    I'm trying to find a way to write rules providing the following:
>>    Rule1 fires and sets another rule active, which fires on the
>>    following traffic (if the criteria are met). Rule2 should never
>>    fire without rule1 firing first.
>>    First I thought, I can do that with tagging but it seems that
>>    tagging only allows me to save more of the triggered connection
>>    for a later analysis (which is a fine thing in itself).
>>    Is there any way to accomplish something like that?
>>
>>    Cheers,
>>
>>                                                   Chris Kronberg.
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by BEA Weblogic Workshop
>> FREE Java Enterprise J2EE developer tools!
>> Get your free copy of BEA WebLogic Workshop 8.1 today.
>> http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
>> _______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>
>
>
>
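
The chaining asked about in this thread, written out as an added example (not part of the original messages or the Snort manual). It puts an activate/dynamic pair beside a flowbits pair, and assumes a Snort build that supports the flowbits rule option; the FTP scenario, messages, flowbit name and SIDs are constructed for illustration.

```snort
# --- Variant A: activate/dynamic -------------------------------------
# Rule 1 alerts and switches on the dynamic rule numbered 1.
activate tcp any any -> $HOME_NET 21 (msg:"FTP anonymous login seen"; \
    flow:to_server,established; content:"USER anonymous"; nocase; \
    activates:1; sid:1000001; rev:1;)

# Rule 2 only logs the next 50 matching packets once activated.
# It behaves like a log rule, so it produces no alert of its own.
dynamic tcp any any -> $HOME_NET 21 (activated_by:1; count:50;)

# --- Variant B: flowbits ---------------------------------------------
# Rule 1 records state on the flow and stays silent (noalert).
alert tcp any any -> $HOME_NET 21 (msg:"FTP anonymous login (state only)"; \
    flow:to_server,established; content:"USER anonymous"; nocase; \
    flowbits:set,ftp.anon_login; flowbits:noalert; \
    sid:1000002; rev:1;)

# Rule 2 can alert only if rule 1 matched earlier on the same flow;
# without the bit set, the isset test fails and the rule never fires.
alert tcp any any -> $HOME_NET 21 (msg:"FTP RETR after anonymous login"; \
    flow:to_server,established; content:"RETR "; nocase; \
    flowbits:isset,ftp.anon_login; \
    sid:1000003; rev:1;)
```

Flowbits state is kept per flow, so both rules in Variant B must match within the same TCP session; it does not link events across separate connections.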



