[Snort-users] Can snort calculate on-the-fly-md5sum ?

Balasubramaniam Natarajan bala150985 at ...11827...
Wed Oct 3 10:39:11 EDT 2012


Hi Snort Users,

I was looking at the website http://suricata-ids.org/ and I was wondering
if snort has similar capabilities ?  If yes could you point me at a link
which helps me to set up the same ?

*3. File Identification, MD5 Checksums, and File Extraction*

Suricata can identify thousands of file types while crossing your network!
Not only can you identify it, but should you decide you want to look at it
further you can tag it for extraction and the file will be written to disk
with a meta data file describing the capture situation and flow. The file’s
MD5 checksum is calculated on the fly, so if you have a list of md5 hashes
you want to keep in your network, or want to keep out, Suricata can find it.
PS: I am not here to ask which IDS/IPS is best,  However I am coming in
from a learning perspective so please don't mistake me.

-- 
Regards,
Balasubramaniam Natarajan
www.etutorshop.com/moodle/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121003/6c1d4cc2/attachment.html>


More information about the Snort-users mailing list