[Snort-users] Rule Chaining

Esler, Joel CNTR/Sytex joel.esler at ...9426...
Fri Feb 25 09:29:58 EST 2005


Rule chaining can be done with "Activate" and "Dynamic", can it not?


Joel

On Fri, 2005-02-25 at 11:44 -0500, Matt Kettler wrote:

> At 12:25 AM 2/25/2005, Madhur Nagar wrote:
> >Hi
> >I wanted to know that does SNORT allow
> >1. Rule Chaining - one rule calling another
> 
> Not that I'm aware of.
> 
> >2. Stateful Checking - Checking for a content in say
> >10 packets and only if the content of all the 10
> >matches then take some action
> 
> No, but this can be approximated with the threshold keyword.
> 
> >3. Remote Rule Updation
> 
> 
> Eh? "rule updating"? Yes, snort rules can be updated, but that's done 
> outside of snort. There's even a handy tool called oinkmaster to help 
> automate it.
> 
> 
> >I would also be grateful if someone could please tell
> >me in which files is the source code for the rules
> >related to the above topics
> 
> Sorry, I don't know off the top of my head.. do some grepping for threshold 
> in the code.
> 
> 
> 

-- 
Esler, Joel CNTR/Sytex <joel.esler at ...9426...>
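
Added example, not part of the original thread: a constructed Snort 2.x rule fragment showing the two mechanisms mentioned above, an activate/dynamic pair for rule chaining and the threshold keyword for approximating "match N times before acting". The SIDs, ports, message text and content strings are placeholders chosen for illustration.

```snort
# Constructed example rules; SIDs, ports and content strings are placeholders.

# Rule chaining: an "activate" rule behaves like "alert" and, when it fires,
# switches on every "dynamic" rule whose activated_by number matches its
# activates number. The dynamic rule stays dormant until then, logs the next
# 50 packets that match its own header, and then goes dormant again.
activate tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP trigger pattern (constructed)"; flow:to_server,established; content:"EXAMPLE-PATTERN"; activates:1; sid:1000001; rev:1;)
dynamic tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"IMAP follow-up capture (constructed)"; activated_by:1; count:50; sid:1000002; rev:1;)

# Approximating "only act after 10 matches": the rule matches on every FTP
# "530 " reply, but the threshold suppresses output until 10 matches for the
# same destination address occur within 60 seconds, then alerts once per window.
# This counts rule matches per tracked address; it does not require the
# matches to be consecutive packets or to belong to a single TCP stream.
alert tcp $HOME_NET 21 -> $EXTERNAL_NET any (msg:"FTP repeated login failures (constructed)"; flow:to_client,established; content:"530 "; depth:4; threshold:type both, track by_dst, count 10, seconds 60; sid:1000003; rev:1;)
```

Later Snort 2.x manuals describe activate/dynamic pairs as being phased out in favor of the tag and flowbits keywords.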