Home page logo
/

snort logo Snort mailing list archives

Re: Using detection_filter instead of threshold
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 27 Oct 2010 17:02:04 -0400

On Oct 27, 2010, at 4:50 PM, Matthew Jonkman <jonkman () emergingthreatspro com> wrote:

Can we see where this is going on the dev roadmap? When will threshold go away?

Maybe a Dev can answer this, but as far as I know there aren't any plans to remove it yet. 


How can we keep it? Can we get event_filter and such allowed within the rule itself if threshold is going away?

And why'd we change anyway?

The new event_filter allows rate_filter. This allows rate based attack detection and auto blocking. 
------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]