[Snort-users] how to disable compile-time reload option?

Joel Esler jesler at ...1935...
Thu Sep 30 16:06:33 EDT 2010


On 9/30/10 3:51 PM, "waldo kitty" <wkitty42 at ...14940...> wrote:
>On 9/30/2010 15:40, Jefferson, Shawn wrote:
>> The Host Attribute Table is an awesome feature of newer versions of
>>Snort that allows you to import a table with your hosts, what services
>>they are running and on what ports.  A rule that targets http (specified
>>by the "service" tag) may then inspect traffic that isn't on the
>>traditional http ports, because snort knows that this host is running an
>>HTTP service and on which port.
>>
>> The trick is building the host table... There is Hogger which takes
>>nmap results and builds the table, and PRADS which passively listens on
>>your network and will build the table.  I'm using PRADS, since I have
>>some sensitive devices on my network that choke on an NMAP scan... it's
>>been working pretty well.
>
>ahhh... ok... i wasn't sure if it was that or if "attributes" was being
>used 
>generically to mean all or some of the snort.conf configuration options...
>
>thanks!

I'll put this in as a feature request for a future version of Snort.

Joel






More information about the Snort-users mailing list