[Snort-users] Can snort calculate on-the-fly-md5sum ?

Pratik Narang pratik.cse.bits at ...11827...
Wed Oct 3 10:49:03 EDT 2012


On Wed, Oct 3, 2012 at 8:09 PM, Balasubramaniam Natarajan <
bala150985 at ...11827...> wrote:

> Hi Snort Users,
>
> I was looking at the website http://suricata-ids.org/ and I was wondering
> if snort has similar capabilities ?  If yes could you point me at a link
> which helps me to set up the same ?
>
> *3. File Identification, MD5 Checksums, and File Extraction*
>
> Suricata can identify thousands of file types while crossing your network!
> Not only can you identify it, but should you decide you want to look at it
> further you can tag it for extraction and the file will be written to disk
> with a meta data file describing the capture situation and flow. The file’s
> MD5 checksum is calculated on the fly, so if you have a list of md5 hashes
> you want to keep in your network, or want to keep out, Suricata can find it.
> PS: I am not here to ask which IDS/IPS is best,  However I am coming in
> from a learning perspective so please don't mistake me.
>
>
That would have been an interesting question although ;)



> --
> Regards,
> Balasubramaniam Natarajan
> www.etutorshop.com/moodle/
>
>
>
> ------------------------------------------------------------------------------
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> http://p.sf.net/sfu/newrelic-dev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121003/18a0b5d1/attachment.html>


More information about the Snort-users mailing list