[Snort-users] Snort 2.8.4 Beta Now Available

Todd Wease twease at ...1935...
Tue Oct 14 17:39:50 EDT 2008


That is correct.  There are options to the tcp and udp stream5
configurations to ignore any rules (ignore_any_rules), but these have to
be rules without flow or flowbits rule options in them.  If an any any
rule has either of these two rule options then all ports will need
session trackers (and hence no port filtering).  If not, then the rule
is only ignored if it has content, byte test or pcre in it.

snort user wrote:
> If there are rules with 'any' as src and dst ports, then no traffic
> will be pre-filtered.
> Is that correct?
>
>
> On Tue, Oct 14, 2008 at 4:49 PM, Todd Wease <twease at ...1935...> wrote:
>   
>> You don't need to do anything special.  Just enable stream5 and if
>> tracking is on, it will query rules and preprocessors for ports (client
>> and server) that are important to them.  If neither the rules nor
>> preprocessors are interested in a session, then stream5 will not track
>> it and it will disable processing by the preprocessors and detection engine.
>>
>> snort user wrote:
>>     
>>>> Option to automatically pre-filter traffic that is not inspected in
>>>> order to improve performance
>>>
>>> To take advantage of this, does the user need to know what traffic is
>>> not to be inspected prior to running the IDS?
>>>
>>>
>>> Thanks
>>>
>>>
>>> On Tue, Oct 14, 2008 at 2:08 PM, Snort Releases <snortreleases at ...950...> wrote:
>>>
>>>       
>>>> A beta version of Snort 2.8.4 is now available on snort.org, at
>>>> http://www.snort.org/dl/
>>>>
>>>> Snort 2.8.4 introduces:
>>>>
>>>> - A revised DCE/RPC preprocessor with more rule options
>>>>
>>>> - Support for IPv6 in Frag3 and all application preprocessors
>>>>
>>>> - Improved target-based support in preprocessors
>>>>
>>>> - Option to automatically pre-filter traffic that is not inspected in
>>>> order to improve performance
>>>>
>>>> - Several other improvements and fixes
>>>>
>>>> Please see the release notes and changelog for more details.
>>>>
>>>> Please submit bugs, questions, and feedback to snort-beta at ...3990...
>>>>
>>>> Happy Snorting!
>>>> The Snort Release Team
>>>>
>>>>
>>>> -------------------------------------------------------------------------
>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>>>> Build the coolest Linux based applications with Moblin SDK & win great prizes
>>>> Grand prize is a trip for two to an Open Source event anywhere in the world
>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>>
>>>>
>>>>         
>>     
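
Added example (not part of the original thread and not Snort's own code): a small Python audit that applies the classification described in the top reply to a ruleset, showing which any-any rules would force session trackers on all ports and which ones `ignore_any_rules` would skip. The rule parser is simplified, and the category names, helper names and sample rules are constructed for illustration.

```python
import re

# Simplified header: action proto src sport direction dst dport (options)
RULE_RE = re.compile(
    r"^\s*(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$")
STATEFUL = {"flow", "flowbits"}             # never ignored, per the reply above
PAYLOAD = {"content", "byte_test", "pcre"}  # skipped when ignore_any_rules is set

# Constructed sample rules (SIDs and messages are illustrative only).
SAMPLE_RULES = [
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed A"; flow:to_server,established; content:"GET"; sid:1000001;)',
    'alert tcp any any -> any any (msg:"constructed B; with semicolon"; content:"|90 90|"; sid:1000002;)',
    'alert udp any any -> any any (msg:"constructed C"; flowbits:isset,seen; content:"x"; sid:1000003;)',
    'alert tcp any any -> any any (msg:"constructed D"; flags:S; sid:1000004;)',
]

def option_names(body):
    # Option keywords; the regex keeps ';' inside quoted strings intact.
    parts = re.findall(r'(?:[^;"\\]|\\.|"(?:[^"\\]|\\.)*")+', body)
    return {p.split(":", 1)[0].strip().lower() for p in parts} - {""}

def classify(rule):
    # Category names are this example's own labels, not Snort terminology.
    m = RULE_RE.match(rule)
    if not m:
        return "unparsed"
    _, proto, _, sport, _, _, dport, body = m.groups()
    if proto.lower() not in ("tcp", "udp"):
        return "not_tcp_udp"
    if sport.lower() != "any" or dport.lower() != "any":
        return "port_specific"
    opts = option_names(body)
    if opts & STATEFUL:
        return "forces_all_ports"   # all ports need session trackers
    if opts & PAYLOAD:
        return "ignorable"          # ignored when ignore_any_rules is set
    return "not_ignored"            # no content, byte_test or pcre

def audit(rules):
    # Map each category to the SIDs of the rules that fall into it.
    report = {}
    for rule in rules:
        sid = re.search(r"\bsid\s*:\s*(\d+)", rule)
        report.setdefault(classify(rule), []).append(int(sid.group(1)) if sid else None)
    return report

def port_filtering_possible(rules):
    return "forces_all_ports" not in audit(rules)
```

Calling `audit(SAMPLE_RULES)` groups the SIDs by category, so the rules listed under `forces_all_ports` are the ones to review before relying on pre-filtering.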




