[Snort-users] order of matching rules

archana rao archuatdavis at ...131...
Wed Oct 16 15:48:01 EDT 2002


The site 
http://www.infosys.tuwien.ac.at/snort-ng/
mentions that "For some strange reason, Snort stops
the detection process for a packet after the first
matching
rule - maybe to improve performance" while talking
about snort-ng. Is this the way it works in
Snort-1.9.0 too?In what order are the rules matched
against the incoming packets?Is it the order in which
they are listed in the *.rules file?
Archana

__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com




More information about the Snort-users mailing list