Subject: Re: [snort] Snort 1.7 projected features
From: Martin Roesch (roesch hiverworld.com)
Date: Thu Mar 30 2000 - 13:05:10 CST
- Next message: Martin Roesch: "Re: [snort] a bug in spp_portscan.c"
- Previous message: James Hoagland: "[snort] Unattended case in log file name: no home network and ICMP"
- In reply to: Kirwan Marty: "RE: [snort] Snort 1.7 projected features"
- Reply: Martin Roesch: "Re: [snort] Snort 1.7 projected features"
Hey, we only stayed up 'til they kicked us out of the bars. :) Maybe
we should have done some documentation while we had the manpower
together (although Andrew assures me that he's going to be tackling the
documentation problem "real soon now....")
-Marty
Kirwan Marty wrote:
>
> Well, if you didn't stay up till 2 AM drinking every night you wouldn't need
> to catch up on sleep ;-) I'm glad to see you're coherent again. You weren't
> looking too good in the class Tuesday.
>
> Marty Kirwan
>
> -----Original Message-----
> From: Andrew R. Baker [mailto:andrewb uab.edu]
> Sent: Thursday, March 30, 2000 12:41 AM
> To: snort bofh.kyrnet.kg
> Subject: [snort] Snort 1.7 projected features
>
> OK, I've finally gotten some sleep and had enough time to login so here is
> the first draft of the features being planned for Snort 1.7. I have also
> included a short description of each one. Hopefully I got all these
> correct. I am sure there will be more specifics about some of these
> later (right Marty?).
>
> Address sets - allow for a list of address entries in a rule
> Port sets - allow for a list of port entries in a rule
> Dynamic Rules - allows rules to be activated/deactivated by other rules
> non-IP logging/alerting - allow rules for things other than IP
> redesigned "logto" - incorporate user requests for this plugin
> ARP rules - support for ARP packets
> IP/netmask format - use things like "192.168.0.4 255.255.0.255" in
> rules
>
> There will also be an assortment of new plugins to go along with this. I
> will not say this is the complete list of new features and I do not claim
> all will get implemented, but this is the current direction.
>
> -Andrew
--
Martin Roesch <roeschhiverworld.com>
Director of Forensic Systems http://www.hiverworld.com
Hiverworld, Inc. Enterprise Network Security
Network Forensics, Intrusion Detection and Risk Assessment