[Snort-sigs] ASN1 question

Eric G eric at ...3692...
Wed Dec 19 14:51:31 EST 2012


On Dec 18, 2012 3:40 PM, "Patrick Mullen" <pmullen at ...435...> wrote:
>
> James,
>
> ASN.1 stuff really has to be done using an SO rule.

I don't mean to thread hijack, but I thought SO rules were used solely for
rule obsfucation... your reply to the original question kind of implies
more advanced rule logic can be rolled into SO rules, presumably at the
expense of some performance in rule processing. Is that correct?

I'm just trying to strengthen my Snort Kung Fu a bit... didn't know SO
rules can be used like that

--
Eric
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20121219/206318c3/attachment.html>


More information about the Snort-sigs mailing list