[Oisf-users] Is there any possible Suricata could support OpenAppId?

Cooper F. Nelson cnelson at ucsd.edu
Fri Oct 16 17:23:21 UTC 2015



On 10/15/2015 12:36 AM, Andreas Herz wrote:
> Are you certain? I thought it was mighty enough to handle also streams.
> And it might need good hardware but I guess that's an issue that could
> be solved. Especially if you want to have more "security" than
> performance which might be relevant in some use cases.

Currently it can only handle HTTP streams as per this documentation:

> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Lua_scripting

Unless I'm reading this wrong, I get the impression that Lua scripts can
only check the first packet or payload of a stream.

> The init function registers the buffer(s) that need inspection. Currently the following are available:
> 
> packet -- entire packet, including headers
> payload -- packet payload (not stream)



-- 
Cooper Nelson
Network Security Analyst
UCSD ACT Security Team
cnelson at ucsd.edu x41042


