[Snort-users] Wish List?: Dynamic Streaming or the like.

Dave Ryan dave at ...1192...
Wed Jan 31 13:26:39 EST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

or even something simpler for tackling login failures, the example below probably isnt a good overall one.

probably the stream part would be redundant with the usage of the dynamic count feature, maybe it would be useful for some other things.

Thanks in advance,
Dave.

> Hi,
> 
> Has anyone contemplated adding something along the lines of a dynamic rule offsetting a stream event based on some other variables (namely number of occurances) eg:
> 
> FTP-Login Failed 3 times in 1 second, initiate preprocessor stream
> 
> maybe some extension to the current dynamic capabilities to incorporate a counter on signature occurances and then initiaite a certain preprocessor or simply another option like session, react, resp etc.
> 
> Just an idea, might be something planned for v2 or something someone has worked on already.
> 
> Regards,
> Dave.
- -- 
Dave Ryan 				Default Security
http://www.default.org.uk/~dave		dave at ...1192...

GnuPG Key:      http://www.default.org.uk/~dave/gpgkey.asc
Fingerprint:    F418 C882 FF03 82A0 A99A  2720 669C E8C3 44B8 2A0F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OpenBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE6eFjcZpzow0S4Kg8RAnatAKCKLlqb3aHaAvmsy9fmljiQMKSCpQCgiYTm
ajPHvcg/qRSU4nRPy+eVfZM=
=vH36
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list