OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: [snort] Dynamic Rules?
From: Stuart Staniford-Chen (stuartSiliconDefense.com)
Date: Wed Mar 22 2000 - 04:30:14 CST


Hi Dave :-)

David Klotz wrote:
>
> I'm fairly new to Snort, but after a few weeks of use I'm pretty impressed.
> It even allowed us to spot an actual penetration which might have otherwise
> gone unnoticed. One feature that I would really like, and am even thinking
> of adding myself, would be some way to add, or turn on, rules dynamically.

I'd love to see that feature too. I'm always wondering "what else did
they do" and not having any way to find out. A command line option "-L
N" that would log the next N packets to or from the foreign IP after an
alert would be great.

Stuart.

-- 
Stuart Staniford-Chen --- President --- Silicon Defense
                   stuartsilicondefense.com
(707) 822-4588                     (707) 826-7571 (FAX)