Re: [Snort-users] preprocessor's rules???

Subject: Re: [Snort-users] preprocessor's rules???
Date: Tue, 15 Apr 2008 08:35:40 -0400
They are stub rules that control the alerting functionality of
preprocessor alerts. So, for example ...


alert ( msg: "STREAM5_DATA_WITHOUT_FLAGS"; sid: 11; gid: 129; rev: 1;
metadata: rule-type preproc ; classtype:protocol-command-decode; )

Would enable the alerting of the stream5 without flags alert.

Each alerting preproc should have a readme which describes the alerts
associated with it. In addition the gen-msg.map should give you a list
of preprocessor gids along with their associated sids.


Cheers,
Justin



On Tue, Apr 15, 2008 at 1:36 AM, Rachmat Hidayat Al-Anshar
<rachmat_hidayat_02@yahoo.com> wrote:
Hi all.... :)

I just want to know more about the following line in the
Snort configuration file..
var PREPROC_RULE_PATH ../preproc_rules

What are preprocessor rules??
And then, since I know that Snort's preprocessors only
use plug-ins for their
processing, is there something that I missed about these
"rules" for preprocessors...

Any response supporting this question will be greatly
appreciated.
Thanks in advance
Rachmat Hidayat Al Anshar


     

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
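
An added example, not part of the original thread or of Snort's own code: a small audit that cross-references gen-msg.map entries ("gid || sid || msg") against the stub rules found under PREPROC_RULE_PATH, to show which preprocessor alerts have an active stub rule. The first rule is the one quoted in the reply above; every other gid/sid pair, message text and function name is constructed for illustration.

```python
import re

# Constructed gen-msg.map sample ("gid || sid || msg"); the message texts are
# placeholders, not copied from a Snort release.
GEN_MSG_MAP = """\
129 || 11 || constructed text for the stream5 alert from the thread
129 || 12 || constructed text for a second stream5 alert
122 || 1 || constructed text for an alert of another preprocessor
"""
# Stub rules as found under PREPROC_RULE_PATH. Rule 1 is the one quoted in
# the thread; the commented-out and the unmapped rule are constructed.
PREPROC_RULES = """\
alert ( msg: "STREAM5_DATA_WITHOUT_FLAGS"; sid: 11; gid: 129; rev: 1; \\
metadata: rule-type preproc ; classtype:protocol-command-decode; )
# alert ( msg: "CONSTRUCTED_DISABLED"; sid: 12; gid: 129; rev: 1; metadata: rule-type preproc ; )
alert ( msg: "CONSTRUCTED_UNMAPPED"; sid: 2; gid: 119; rev: 1; metadata: rule-type preproc ; )
"""

def parse_gen_map(text):
    """Return {(gid, sid): msg} from 'gid || sid || msg' lines."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = [p.strip() for p in line.split("||", 2)]
        if len(parts) == 3 and parts[0].isdigit() and parts[1].isdigit():
            table[(int(parts[0]), int(parts[1]))] = parts[2]
    return table

def parse_stub_rules(text):
    """Return the set of (gid, sid) pairs that have an uncommented stub rule."""
    active = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    joined = "\n".join(active).replace("\\\n", " ")  # join continued lines
    enabled = set()
    # Assumes no parentheses inside the rule options, as in the sample rules.
    for body in re.findall(r"\balert\s*\(([^()]*)\)", joined):
        opts = dict(re.findall(r"\b(gid|sid)\s*:\s*(\d+)\s*;", body))
        if "gid" in opts and "sid" in opts:
            enabled.add((int(opts["gid"]), int(opts["sid"])))
    return enabled

def audit(map_text, rules_text):
    """Return (mapped with stub rule, mapped without one, rules not in map)."""
    known, enabled = parse_gen_map(map_text), parse_stub_rules(rules_text)
    with_rule = {k: m for k, m in known.items() if k in enabled}
    without_rule = {k: m for k, m in known.items() if k not in enabled}
    return with_rule, without_rule, enabled - set(known)

if __name__ == "__main__":
    print(audit(GEN_MSG_MAP, PREPROC_RULES))
```
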

