Snort mailing list archives

Re: (no subject)


From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Thu, 3 Mar 2011 10:04:54 -0700

I don't believe that it does, and if you have rules enabled that rely on a flowbit being set, then you probably want 
that rule that sets the flowbit enabled, IMO.  A weakness, I think, of pulledpork is that it didn't tell the user what 
rules it was re-enabling in the past; maybe it does now?

-----Original Message-----
From: Jason Wallace [mailto:jason.r.wallace () gmail com] 
Sent: Thursday, March 03, 2011 5:07 AM
To: wkitty42 () windstream net
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] (no subject)

I'm not positive but I believe it enables only the ones that are actually needed based on what is actually needed. 
Meaning if a rule is enabled that uses flowbits:isset,http.quicktime; and the rule(s) that contain 
flowbits:set,http.quicktime; are disabled then it will enable that/those rules. I do not think it enables every 
flowbits:set rule.


On Wed, Mar 2, 2011 at 9:42 PM, waldo kitty <wkitty42 () windstream net> wrote:

2. how can/does PP handle the possibility of enabling only one or two 
of the flowbits setting rules if not all of them are desired to be enabled?
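
The dependency check discussed in this thread, as an added example (not part of the original messages and not PulledPork's own code): it re-enables only the disabled rules that set a flowbit an enabled rule checks, follows chains of such rules, and reports what it re-enabled and why. The sample rules, sids and function names are constructed for illustration.

```python
import re

# Constructed sample rules file; a leading "#" marks a disabled rule.
SAMPLE_RULES = """\
# alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"QuickTime request"; flowbits:set,http.quicktime; flowbits:noalert; sid:1000001;)
# alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"QuickTime atom seen"; flowbits:isset,http.quicktime; flowbits:set,http.quicktime.atom; flowbits:noalert; sid:1000002;)
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"QuickTime malformed atom"; flowbits:isset,http.quicktime.atom; sid:1000003;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"PDF request"; flowbits:set,http.pdf; flowbits:noalert; sid:1000004;)
# alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"PDF malformed object"; flowbits:isset,http.pdf; sid:1000005;)
"""

RULE_RE = re.compile(r"^\s*(#\s*)?(alert|log|pass|drop|reject|sdrop)\s.*\bsid\s*:\s*(\d+)\s*;")
FLOWBITS_RE = re.compile(r"flowbits\s*:\s*(\w+)\s*(?:,\s*([^;,]+))?")
SETTERS = {"set", "setx", "toggle"}      # actions that can turn a bit on
CHECKERS = {"isset", "isnotset"}         # actions that depend on a bit

def parse_rules(text):
    """Map sid -> {'enabled', 'sets', 'checks'} for every rule line in text."""
    rules = {}
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        sets, checks = set(), set()
        for action, names in FLOWBITS_RE.findall(line):
            # "bit1&bit2" / "bit1|bit2" name several bits in one option
            bits = {b.strip() for b in re.split(r"[&|]", names) if b.strip()}
            if action in SETTERS:
                sets |= bits
            elif action in CHECKERS:
                checks |= bits
        rules[int(m.group(3))] = {"enabled": m.group(1) is None, "sets": sets, "checks": checks}
    return rules

def resolve_flowbits(rules):
    """Enable needed setter rules in place; return [(sid, bit, needed_by_sid)]."""
    report, changed = [], True
    while changed:                        # repeat: a re-enabled rule may check another bit
        changed = False
        needed = {}                       # bit -> lowest enabled sid that checks it
        for sid, r in sorted(rules.items()):
            if r["enabled"]:
                for bit in r["checks"]:
                    needed.setdefault(bit, sid)
        for sid, r in sorted(rules.items()):
            hit = sorted(needed.keys() & r["sets"])
            if hit and not r["enabled"]:
                r["enabled"] = changed = True
                report.append((sid, hit[0], needed[hit[0]]))
    return report

if __name__ == "__main__":
    for sid, bit, by in resolve_flowbits(parse_rules(SAMPLE_RULES)):
        print(f"re-enabled sid {sid}: sets '{bit}', checked by enabled sid {by}")
```

The PDF pair stays disabled because no enabled rule checks `http.pdf`, which matches the behaviour described above: not every `flowbits:set` rule gets enabled.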


