|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: [snort] Dynamic Rules?
From: Stuart Staniford-Chen (stuart
SiliconDefense.com)Date: Wed Mar 22 2000 - 04:30:14 CST
- Next message: Martin Roesch: "Re: [snort] 1.6 general release compilation warning"
- Previous message: listzreticent.org: "[snort] negation operator"
- In reply to: David Klotz: "[snort] Dynamic Rules?"
- Next in thread: Martin Roesch: "Re: [snort] Dynamic Rules?"
- Reply: Stuart Staniford-Chen: "Re: [snort] Dynamic Rules?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi Dave :-)
David Klotz wrote:
>
> I'm fairly new to Snort, but after a few weeks of use I'm pretty impressed.
> It even allowed us to spot an actual penetration which might have otherwise
> gone unnoticed. One feature that I would really like, and am even thinking
> of adding myself, would be some way to add, or turn on, rules dynamically.
I'd love to see that feature too. I'm always wondering "what else did
they do" and not having any way to find out. A command line option "-L
N" that would log the next N packets to or from the foreign IP after an
alert would be great.
Stuart.
--
Stuart Staniford-Chen --- President --- Silicon Defense
stuartsilicondefense.com
(707) 822-4588 (707) 826-7571 (FAX)
- Next message: Martin Roesch: "Re: [snort] 1.6 general release compilation warning"
- Previous message: listzreticent.org: "[snort] negation operator"
- In reply to: David Klotz: "[snort] Dynamic Rules?"
- Next in thread: Martin Roesch: "Re: [snort] Dynamic Rules?"
- Reply: Stuart Staniford-Chen: "Re: [snort] Dynamic Rules?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]