[Snort-users] how to disable compile-time reload option?

waldo kitty wkitty42 at ...14940...
Thu Sep 30 15:51:41 EDT 2010


On 9/30/2010 15:40, Jefferson, Shawn wrote:
> The Host Attribute Table is an awesome feature of newer versions of Snort that allows you to import a table with your hosts, what services they are running and on what ports.  A rule that targets http (specified by the "service" tag) may then inspect traffic that isn't on the traditional http ports, because snort knows that this host is running an HTTP service and on which port.
>
> The trick is building the host table... There is Hogger which takes nmap results and builds the table, and PRADS which passively listens on your network and will build the table.  I'm using PRADS, since I have some sensitive devices on my network that choke on an NMAP scan... it's been working pretty well.

ahhh... ok... i wasn't sure if it was that or if "attributes" was being used 
generically to mean all or some of the snort.conf configuration options...

thanks!




More information about the Snort-users mailing list