|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] Re: Possible Evasion in Snort Multi Pattern Algorithm
From: Jason (security
brvenik.com)
Date: Thu Jul 14 2005 - 00:16:37 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Joel Esler wrote:
> Follow-up to this being:
>
> Can a Soucefire person explain the different search methods and their
> impact?
>
net net is
mwm has a bug that allows evasion - patched in 2.4
ac does not
mwm requires less memory
ac likes more memory
There is a whole lot of stuff involved in pattern matching that smarter
people than I like to get into. You should check out the white papers on
snort.org if you want more detail though
* Optimizing Pattern Matching for Intrusion Detection
* Snort 2.0 - Multi-Rule Inspection Engine
* Snort 2.0 - Rule Optimizer
-------------------------------------------------------
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA. To register visit http://www.hp.com/go/dualwebinar
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]