[Snort-users] Announcing sp_perl

Jeff Nathan jeff at ...950...
Sat May 10 03:49:14 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As described in our CanSecWest/core03 presentation, Advanced IDS, Brian 
Caswell and I are proud to present a new detection plugin for Snort: 
sp_perl.  This detection plugin offers users full regular expression 
matching within a Snort rule as well as runtime execution of perl code.

The patch is available here:
http://www.snort.org/dl/contrib/patches/snort-perl/snort_perl.diff.gz
and here:
http://cerberus.sourcefire.com/~jeff/presentations/cansecwest-2003/snort_pe
rl.diff.gz

A README related to this patch and the PowerPoint slides used in the 
presentation are available here:
http://cerberus.sourcefire.com/~jeff/presentations/cansecwest-2003/READ_ME_
FIRST.txt
http://cerberus.sourcefire.com/~jeff/presentations/cansecwest-2003/caswell-
nathan.ppt

Enjoy,

Brian and Jeff

P.S. Jed Haile rules.

- --
http://cerberus.sourcefire.com/~jeff       (pgp key available)
"Great spirits have always encountered violent opposition from mediocre
minds."
- - Albert Einstein
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (OpenBSD)

iD8DBQE+vNkXEqr8+Gkj0/0RAvNNAJ9hSWmStD5PgvyL8zz2M0w3CR+grgCgiY5v
VZTv1yuYLynWA/HG81faod0=
=g1CC
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list