[Emerging-Sigs] [Snort-users] Anyones doomsday machine running low on IDS analyst tears?

evilghost@packetmail.net evilghost at packetmail.net
Wed Oct 6 23:26:47 EDT 2010


On 10/06/2010 10:01 PM, Steven Sturges wrote:
> Or, increase the max pattern length in the default config.
> 
> Rule writers know the most unique part of the content patterns
> they are using, especially as they relate to patterns in other
> rules, and the parameters to fast_pattern give them the tools
> that are needed.

So, I've got Joel and others telling me I should use the "VRT" version
of the snort.conf; should I also expect the VRT team to realize the
max_pattern_len value set on ac-split and code the fast_pattern
plain-text rules accordingly?

Where can I find the Snort 2.9 VRT-specific rules reflecting the
max_pattern_len values in VRT config?

Am I missing something?

-evilghost


