[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-sigs
Subject:    [Snort-sigs] Packet Classification Scenario
From:       j2mb0 via Snort-sigs <snort-sigs () lists ! snort ! org>
Date:       2020-04-09 1:28:06
Message-ID: 790eeba5-541a-5fdf-bb78-0a3fbf1d5317 () riseup ! net
[Download RAW message or body]

hey everyone,

i am deploying a firewall algorithm in the snort detection engine for
myself, can you think of any scenario in intrusion detection (Snort)
where the there are many *different* source/destination ip in the rules
and *almost no "content" fields*? my algorithm is optimized for fast
classification of a packet against the classic 5 tuple (srcip,dstip,
,srcport, dsport, proto)? I would generate a rule set that fits to this
scenario. would be awesome if anyonecan offer help.


Thanks in advance.


_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.snort.org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up \
to date to catch the most <a href=" \
https://snort.org/downloads/#rule-downloads">emerging threats</a>!


[prev in list] [next in list] [prev in thread] [next in thread]