[Snort-users] how to disable compile-time reload option?
Shawn.Jefferson at ...14448...
Thu Sep 30 15:40:30 EDT 2010
The Host Attribute Table is an awesome feature of newer versions of Snort that allows you to import a table with your hosts, what services they are running and on what ports. A rule that targets http (specified by the "service" tag) may then inspect traffic that isn't on the traditional http ports, because snort knows that this host is running an HTTP service and on which port.
The trick is building the host table... There is Hogger which takes nmap results and builds the table, and PRADS which passively listens on your network and will build the table. I'm using PRADS, since I have some sensitive devices on my network that choke on an NMAP scan... it's been working pretty well.
From: waldo kitty [mailto:wkitty42 at ...14940...]
Sent: Thursday, September 30, 2010 11:58 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] how to disable compile-time reload option?
speaking of the above, what exactly is "attributes"?
More information about the Snort-users