[Snort-sigs] Snort Rule optimizer

Jennifer Steffens jennifer.steffens at ...435...
Thu May 27 08:18:18 EDT 2004


While Sourcefire generally collects basic contact information from 
people downloading our white papers, I would like to make these papers 
directly available to the folks on this list.  You can find them at 
http://www.sourcefire.com/technology/wp_download.html.

Enjoy!
Jennifer

--
Jennifer Steffens
Director, Product Marketing
Sourcefire, Inc

On May 27, 2004, at 9:59 AM, Daniel J. Roelker wrote:

> Sourcefire has whitepapers on the design and implementation of the 
> Snort
> 2.0 detection engine (since Sourcefire paid for the design and
> development).  You can check them out at:
>
> http://www.sourcefire.com/technology/whitepapers.html
>
> Dan
>
> On Thu, 2004-05-27 at 05:27, skaf wrote:
>> Hello,
>>
>> I am new to your mailing list and to snort, i am doing a research on
>> Snort IDS and especially on how the preprocessors and detection engine
>> works,
>>
>> I read about the new detection engine and the rule optimiser, I bought
>> the new snort 2.1 book but I cant find lots of documentation on how 
>> the
>> rule Optimiser works (and the Multi rule pattern match)
>>
>> Anyone have links on where do i get useful information about these
>> subjects ?
>>
>> Does the Rule optimiser creates the Rule sets on every packet or they
>> are created during initialisation ?
>>
>> Thanks
>>
>> Rawad
>>
> -- 
> Daniel Roelker
> Software Developer
> Sourcefire, Inc.
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: Oracle 10g
> Get certified on the hottest thing ever to hit the market... Oracle 
> 10g.
> Take an Oracle 10g class now, and we'll give you the exam FREE.
> http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs





More information about the Snort-sigs mailing list