Thursday, February 14, 2008

Snort Report 13 Posted

My 13th Snort Report, titled "How to use shared object rules in Snort," is posted. From the start of the article:

Shared object (SO) rules were introduced in Snort 2.6.0 in early 2006 to provide a means to obscure the exact detection mechanism used in the rule and allow for more flexible detection criteria. However, for the most part, organizations have continued to rely upon traditional Snort rules. This may be about to change, in light of a recent security advisory from Sourcefire. Let's take a look at how to get shared object rules working on Snort sensors.

If you have questions on Snort you'd like me to try to answer, please post them as comments here. Thank you.

1 comment:

Anonymous said...

Good report. I was wondering why Snort put the precompiled versions :)