Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Snort-users] Snort 2.4.0 problem

from [Frank Knobbe] Network Security [Permanent Link]
Subject: Re: [Snort-users] Snort 2.4.0 problem
Date: Fri, 29 Jul 2005 11:27:47 -0500 
On Fri, 2005-07-29 at 11:06 -0500, Frank Knobbe wrote:

Any idea why and what 'Pure' is?  How can it not be supported at this
time if it's the latest version of snort? 2.3.3 seems to work fine.


Pure Not-rules are rules containing only a content:!"blah"; without a
'positive' content match (content:"blurb";).

The single match for "=" was dragging performance up since it occurred
before the pcre match, which is usually the way to go since content is
faster than pcre, but the match was no unique enough, incurring a lot of
recursion which hurt performance. Without that match, the performance
increased, but it seem because Snort just ignored that rule now :)

The content:"="; has been added again. Snort should now start without
those errors again. Changes have been committed to Bleeding. Please
update your Bleeding rules and try again.

Regards,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Snort-users] Snort 2.4.0 problem, Frank Knobbe
Next by Date:  [Snort-users] Snort IDMEF Plugin 2.0.0alpha2 released for Snort 2.4.0, Sandro Poppi
Previous by Thread:  Re: [Snort-users] Snort 2.4.0 problem, Frank Knobbe
Next by Thread:  [Snort-users] Snort IDMEF Plugin 2.0.0alpha2 released for Snort 2.4.0, Sandro Poppi
Indexes:  [Date] [Thread] [Top] [All Lists]