How to install Times New Roman font in Manjaro Linux

Snort_inline n00b

Victor Julien
To: mnajem
Hi! mnajem wrote: > hi, > > i am relatively new to IDS and IPS stuffs. > I am confused with > > snort rules, say here: > http://www.bleedingthreats.net/bleeding-all.rules > > and snort_inline rules. > > do they have difference? i mean do snort_inline use snort's rules so > that the iptables will drop messages got via libipq? I think the difference is just that the snort_inline rules have the action set to 'drop' already. The Snort rules are just using 'alert'. > currently i'm trying to do research on improving speed of IDS/IPS > whether on signature checking or if possible in layer 7 inspection/deep > inspection. > > in addition, i also confused whether l7 netfilter do the same job of > snort_inline on inspection packets. The l7 matching in netfilter and also the string matching in netfilter are very limited compared to Snort. This is because snort does many more things with the packets before inspecting them, such as stream reassembly, decoding, normalizing, etc. All these things are not possible in netfilter. The advantage of the netfilter modules however, is speed. The speed of a in-kernel matching mechanism is much higher. The disadvantage is that it's trivial to evade detection by methods like session splicing or tcp fragmentation and all kinds of encoding. Hope this helps, Victor