Snort mailing list archives
Re: [snort-users] About attribute replacement
From: Mayur Patil <ram.nath241089 () gmail com>
Date: Fri, 18 Oct 2013 20:43:36 +0530
I am getting satisfactory results with text rules, but my project mentor said I must do some coding, so by *compulsion* I have to use shared object rules; that is the basic problem.

I am getting OK results for ICMP shared object rules, but in the case of DOS rules, the mentioned options are hindering the creation of Snort SO rules.

Please help,

Thanks!!

--
Cheers,
Mayur

On Fri, Oct 18, 2013 at 8:35 PM, Joel Esler <jesler () sourcefire com> wrote:
> Okay, let me start with the most basic of questions. Why would you want to convert plain text rules to SO rules?
>
> On Fri, Oct 18, 2013 at 1:38 AM, Mayur Patil <ram.nath241089 () gmail com> wrote:
>> Hi All,
>>
>> I am using the rule parsing engine to convert text rules into SO rules.
>>
>> For the DOS attack detection mechanism, there are three attributes:
>>
>> detection_filter
>> rate_filter
>> event_filter
>>
>> These options are successful in text rules, but when I am parsing these rules from the rules generator, it gives the message "NO VALID RULES TO CONVERT".
>>
>> Is there any alternative to the above options so I can use them in shared object rules??
>>
>> Seeking guidance,
>>
>> Thanks!
>>
>> --
>> Cheers,
>> Mayur.
Current thread:
- [snort-users] About attribute replacement Mayur Patil (Oct 18)
- Re: [snort-users] About attribute replacement Joel Esler (Oct 18)
- Re: [snort-users] About attribute replacement Mayur Patil (Oct 18)
- Re: [snort-users] About attribute replacement Mayur Patil (Oct 19)
- Re: [snort-users] About attribute replacement waldo kitty (Oct 19)
- Re: [snort-users] About attribute replacement Mayur Patil (Oct 18)
- Re: [snort-users] About attribute replacement Joel Esler (Oct 18)