[Snort-users] Rule Chaining
bmc at ...950...
Fri Feb 25 11:14:31 EST 2005
On Thu, Feb 24, 2005 at 09:25:35PM -0800, Madhur Nagar wrote:
> 1. Rule Chaining - one rule calling another
FYI, most uses of activate/dynamic should be replaced with flowbits.
Sure flowbits only works on a single flow, but it works oh so much
better than activate/dynamic rules.
> 2. Stateful Checking - Checking for a content in say 10 packets and
> only if the content of all the 10 matches then take some action
Sure, thresholding can do this.
> 3. Remote Rule Updation
Sounds like you need snort-perl 1.0 :P. Remote rule installation was
one of the primary features I added in my latest iteration of snort +
More information about the Snort-users