Using Snort fast patterns wisely for fast rules

Snort 2.8.6 introduced the fast_pattern keyword and a new config option. Before that, rule writers had little control over what was chosen as a rule's fast pattern. The goal of a rule writer should be to choose a fast pattern that is as closely associated with the actual triggering conditions of the rule as possible. This pattern is usually the longest string in a rule, with strings of four or more bytes typically being necessary to reap the benefits of the fast pattern matcher. The problem is that this pattern will match on all SIP invitations, whereas the rule will generate an alert on only a tiny portion of those requests.

Source: https://blog.talosintelligence.com/2010/04/using-snort-fast-patterns-wisely-for.html
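The selection behaviour summarized above can be checked before a rule is deployed. The following is an added example, not code from the original post or from Snort: it uses a simplified model (an explicit fast_pattern wins, otherwise the longest content string is taken), ignores negated contents, and runs on two constructed rules whose `X-Ex` header and sids are hypothetical.

```python
import re

# One match per content option, plus the modifiers that follow it
# (everything up to the next content option or the end of the rule).
CONTENT_RE = re.compile(r'content:\s*"((?:[^"\\]|\\.)*)"\s*;(.*?)(?=content:|$)', re.S)

def decode(pattern):
    """Convert Snort content syntax (text with |hex| runs) to raw bytes."""
    out = bytearray()
    for i, part in enumerate(pattern.split("|")):
        if i % 2:  # odd segments sit between pipes and hold hex bytes
            out += bytes.fromhex(part.replace(" ", ""))
        else:      # even segments are literal text, possibly with \-escapes
            out += re.sub(r"\\(.)", r"\1", part).encode("latin-1")
    return bytes(out)

def fast_pattern(rule):
    """Return (pattern, explicit, warning) under the simplified model."""
    contents = [(decode(m.group(1)), "fast_pattern" in m.group(2))
                for m in CONTENT_RE.finditer(rule)]
    if not contents:
        return None, False, "no content option, so no fast pattern"
    explicit = [c for c in contents if c[1]]
    if explicit:
        chosen, is_explicit = explicit[0][0], True
    else:  # default described in the text: the longest string in the rule
        chosen, is_explicit = max(contents, key=lambda c: len(c[0]))[0], False
    warning = "shorter than 4 bytes" if len(chosen) < 4 else None
    return chosen, is_explicit, warning

# Constructed rules: the longest string (INVITE) is present in every SIP
# invitation, while the shorter header string is what the alert depends on.
DEFAULT_RULE = ('alert udp any any -> any 5060 (msg:"constructed SIP example"; '
                'content:"INVITE"; depth:6; content:"X-Ex|3A|"; sid:1000001;)')
TUNED_RULE = ('alert udp any any -> any 5060 (msg:"constructed SIP example"; '
              'content:"INVITE"; depth:6; content:"X-Ex|3A|"; fast_pattern; '
              'sid:1000002;)')

if __name__ == "__main__":
    for rule in (DEFAULT_RULE, TUNED_RULE):
        print(fast_pattern(rule))
```
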
