[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-sigs
Subject: [Snort-sigs] Packet Classification Scenario
From: j2mb0 via Snort-sigs <snort-sigs () lists ! snort ! org>
Date: 2020-04-09 1:28:06
Message-ID: 790eeba5-541a-5fdf-bb78-0a3fbf1d5317 () riseup ! net
[Download RAW message or body]
hey everyone,
i am deploying a firewall algorithm in the snort detection engine for
myself, can you think of any scenario in intrusion detection (Snort)
where the there are many *different* source/destination ip in the rules
and *almost no "content" fields*? my algorithm is optimized for fast
classification of a packet against the classic 5 tuple (srcip,dstip,
,srcport, dsport, proto)? I would generate a rule set that fits to this
scenario. would be awesome if anyonecan offer help.
Thanks in advance.
_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.snort.org
https://lists.snort.org/mailman/listinfo/snort-sigs
Please visit http://blog.snort.org for the latest news about Snort!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up \
to date to catch the most <a href=" \
https://snort.org/downloads/#rule-downloads">emerging threats</a>!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic