[Snort-users] Rule Chaining
mkettler at ...4108...
Fri Feb 25 08:47:43 EST 2005
At 12:25 AM 2/25/2005, Madhur Nagar wrote:
>I wanted to knw that does SNORT allow
>1. Rule Chaining - one rule calling another
Not that I'm aware of.
>2. Stateful Checking - Checking for a content in say
>10 packets and only if the content of all the 10
>matches then take some action
No, but this can be approximated with the threshold keyword.
>3. Remote Rule Updation
Eh? "rule updating"? Yes, snort rules can be updated, but that's done
outside of snort. There's even a handy tool called oinkmaster to help
>I would also be grateful if someone could please tell
>me in which files is the source code for the rules
>related to the above topics
Sorry, I don't know off the top of my head.. do some grepping for threshold
in the code.
More information about the Snort-users