Snort mailing list archives
Re: Snort's modules
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 25 Jul 2012 10:41:32 -0400
On Jul 25, 2012, at 8:58 AM, Pratik Narang <pratik.cse.bits () gmail com> wrote:
I have been playing around with Snort for a while now. I am beginning to wonder that apart from its Signatures being its biggest strength, what else are the things on which Snort relies upon? Prima facie, the preprocessor modules don't involve signatures- am I right here? Does Snort have an Anomaly engine?? If not, i would be interested in knowing how all the network stuff which cannot be detected via signatures (or you may say that I do not wish to use signatures) can be detected with Snort?
Snort can detect many things without looking into its rules engine. Obviously, as you said the ruleset being one of the most effective pieces of Snort. The preprocessors can be considered anomaly detection most definitely. If you look at the alerts that it generates. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Snort's modules Pratik Narang (Jul 25)
- Re: Snort's modules Joel Esler (Jul 25)
- Re: Snort's modules Russ Combs (Jul 25)
- Re: Snort's modules Pratik Narang (Jul 27)
- Re: Snort's modules Russ Combs (Jul 27)
- Re: Snort's modules Pratik Narang (Jul 27)
- <Possible follow-ups>
- Snort's modules Pratik Narang (Jul 25)