Snort mailing list archives

Re: Snort stateless/asymmetric mode

From: Rodolfo Etore <rponteado () gmail com>
Date: Fri, 10 May 2013 12:13:38 -0300

2013/5/9 beenph <beenph () gmail com>


On Thu, May 9, 2013 at 8:42 PM, James Lay <jlay () slave-tothe-box net> wrote:


Hello boss, I do understand your point of view but this won't help us at
this point, i would like to know if there's a way i could set snort to match
with only fragments of the packet, like only the GET or only the response.


Its possible, but looking at previous e-mails in the thread you might
want to rethink your IDS deployement
before or after routing occurs to balancers.

-elz

If is possible can you please let me know how i can get this done?


------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!





--
Muito obrigado desde já

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and 
their applications. This 200-page book is written by three acclaimed 
leaders in the field. The early access version is available now. 
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Snort stateless/asymmetric mode Rodolfo Etore (May 08)
- Re: Snort stateless/asymmetric mode James Lay (May 08)
  - Re: Snort stateless/asymmetric mode Rodolfo Etore (May 08)
    - Re: Snort stateless/asymmetric mode James Lay (May 08)
    - Re: Snort stateless/asymmetric mode Rodolfo Etore (May 09)
    - Re: Snort stateless/asymmetric mode James Lay (May 09)
    - Re: Snort stateless/asymmetric mode beenph (May 09)
    - Re: Snort stateless/asymmetric mode Rodolfo Etore (May 10)
    - Re: Snort stateless/asymmetric mode Joel Esler (May 10)