Snort mailing list archives
Re: info about snort architecture
From: Bennett Todd <bet () rahul net>
Date: Wed, 26 Mar 2003 12:42:36 -0500
On Wed, Mar 26, 2003 at 12:52:16PM +0100, Andrea Iacopini wrote:
> very simple question: what kind of analysis does snort use?

Would that it were simple.

> I refer to signature analysis and protocol analysis.
Snort definitely does signature analysis; it has a database of signatures (in the rules files) that match various attacks, or in some cases vulnerabilities, and set off alerts. "Protocol analysis" is harder to answer, since that's a vague marketing term. Snort has many preprocessors, many of which analyze packets with knowledge of various protocols, reporting various sorts of problems. Snort can certainly claim to be doing protocol analysis. However, since marketers created the phrase "protocol analysis" to try and differentiate their own products, you'll see different definitions bandied about by different people; I wouldn't recommend using that phrase to try and get work done :-).

-Bennett