[Snort-users] Wish List?: Dynamic Streaming or the like.
dave at ...1192...
Wed Jan 31 13:26:39 EST 2001
-----BEGIN PGP SIGNED MESSAGE-----
Or even something simpler for tackling login failures; the example below probably isn't a good overall one.
Probably the stream part would be redundant with the usage of the dynamic count feature; maybe it would be useful for some other things.
Thanks in advance,
> Has anyone contemplated adding something along the lines of a dynamic rule offsetting a stream event based on some other variables (namely number of occurrences), e.g.:
> FTP-Login Failed 3 times in 1 second, initiate preprocessor stream
> Maybe some extension to the current dynamic capabilities to incorporate a counter on signature occurrences and then initiate a certain preprocessor or simply another option like session, react, resp etc.
> Just an idea, might be something planned for v2 or something someone has worked on already.
Dave Ryan Default Security
http://www.default.org.uk/~dave dave at ...1192...
GnuPG Key: http://www.default.org.uk/~dave/gpgkey.asc
Fingerprint: F418 C882 FF03 82A0 A99A 2720 669C E8C3 44B8 2A0F
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OpenBSD)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----
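
The idea in the message above (count occurrences of one signature per source and activate a follow-up action once a threshold is reached inside a time window), as an added example that is not part of the original post and is not Snort code or rule syntax. The class and function names, the `hold` period and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample alerts: (timestamp in seconds, source IP, signature name)
SAMPLE_EVENTS = [
    (10.00, "192.0.2.10", "FTP-Login Failed"),
    (10.30, "192.0.2.10", "FTP-Login Failed"),
    (10.40, "198.51.100.7", "FTP-Login Failed"),
    (10.90, "192.0.2.10", "FTP-Login Failed"),    # 3rd hit within 1 s
    (10.95, "192.0.2.10", "FTP-Login Failed"),    # follow-up already active
    (12.50, "198.51.100.7", "FTP-Login Failed"),
    (14.00, "198.51.100.7", "FTP-Login Failed"),  # 3 hits, but spread over 3.6 s
]


class OccurrenceTrigger:
    """Hypothetical counter: `count` hits of `signature` from one source within
    `seconds` activates a follow-up action (e.g. stream capture) for `hold` s."""

    def __init__(self, signature, count, seconds, hold=30.0):
        self.signature, self.count = signature, count
        self.seconds, self.hold = seconds, hold
        self.hits = defaultdict(deque)   # source -> timestamps inside the window
        self.active_until = {}           # source -> time the follow-up expires

    def observe(self, ts, src, signature):
        """Return True only when this alert activates the follow-up for src."""
        if signature != self.signature:
            return False
        if ts < self.active_until.get(src, float("-inf")):
            return False                 # already capturing this source
        window = self.hits[src]
        window.append(ts)
        while ts - window[0] > self.seconds:
            window.popleft()             # drop hits that fell out of the window
        if len(window) >= self.count:
            window.clear()               # a later trigger needs fresh hits
            self.active_until[src] = ts + self.hold
            return True
        return False


def find_triggers(events, signature="FTP-Login Failed", count=3, seconds=1.0):
    """Return [(timestamp, source)] for each point where the follow-up starts."""
    trig = OccurrenceTrigger(signature, count, seconds)
    return [(ts, src) for ts, src, sig in events if trig.observe(ts, src, sig)]


if __name__ == "__main__":
    print(find_triggers(SAMPLE_EVENTS))
```
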