Snort internals

From: ndesai01@tampabay.rr.com
Date: 01/01/02

• Next in thread: Martin Roesch: "Re: Snort internals"
• Reply: Martin Roesch: "Re: Snort internals"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 1 Jan 2002 02:47:52 -0000
From: <ndesai01@tampabay.rr.com>
To: focus-ids@securityfocus.com

('binary' encoding is not supported, stored as-is)

I thought that snort only used a two dimentional linked
list for the rule matching in the detection engine. I
read Marty's presentation at BlackHat and he states
that snort now uses a 3 dimentional linked list. Can
any one please explain this to me or point me to
some documentation on this. Thanks.

Neil

---

• Next in thread: Martin Roesch: "Re: Snort internals"
• Reply: Martin Roesch: "Re: Snort internals"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages WIFI cards for core 2 ... ('binary' encoding is not supported, ... snort with it. ... Will a orinoco gold work??? ... To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list ... (Fedora) Re: Snort + (OpenBSD or Linux) ... Snort + ... > on the same packet. ... pattern matching -> we use a fast pattern matcher, ... design calls for a much more streamlined detection engine, ... (Focus-IDS) Re: Snort + (OpenBSD or Linux) ... Snort + ... >> on the same packet. ... > 2.0 design calls for a much more streamlined detection engine, ... of your signature engine for the Prelude hybryde IDS ... (Focus-IDS)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ids  > 2002-01