Re: Case sensitive fast pattern matches

[waldo kitty <wkitty42 () windstream net>]

On 3/5/2014 10:02 AM, Mike Cox wrote:
> Dear Snort Community,
>
> I will keep this "short and sweet".  For many years I have appreciated the
> functionality of the Snort fast pattern matcher.  Yet I often wish (read:
> strongly desire) that it would be case-sensitive, or at the very least, have the
> capability to specify if a fast pattern match should be case sensitive or not.
>
> A case sensitive match should be more efficient that one that is not and a lot
> of times, while I benefit from the overall performance enhancement from the fast
> pattern matcher, the engine has to re-evaluate the content match again because I
> need the match to be case sensitive so I can't set it as, "fast_pattern:only".
> This is very frustrating (hence this email).

you can't set your content match as fast_pattern:only and then use regex to 
check the case sensitivity?

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Subversion Kills Productivity. Get off Subversion & Make the Move to Perforce.
With Perforce, you get hassle-free workflows. Merge that actually works. 
Faster operations. Version large binaries.  Built-in WAN optimization and the
freedom to use Git, Perforce or both. Make the move to Perforce.
http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!