IDS patterns help

Hi everybody,

I am developing an IDS and I have found that some of these IDSs
use algorithms that search for matches in different lengths of
strings. If I am not confused, SNORT uses the 'wu-manber' algorithm
to search for signs of attack inside these 'strings'.

I would like to use this algorithm in my IDS, but I do not
know exactly how it works or how to use it. Do I have to treat
the patterns I have to find in some way, or is it in the part of
the data where the patterns will be found?

My IDS rules have exactly the same structure that Snort has,
where the patterns to find must be mixed (that is, they
can contain binary and text data, as in |0A 00 03|version). And
when one rule contains more than one pattern to find, in some
cases it is necessary to take the length in bytes between the
matches of the first pattern and the next one for it to be
considered an attack. It is because of this that I am confused
about the treatment I have to give the patterns before
using the 'wu-manber' algorithm.

Please, could anybody explain to me, or give me a hint about, how to
use this algorithm and where I can find the source?

And for my implementation, does anybody know if there is
a Perl module for this algorithm?

Thank you very very much in advance ;-)

Re: IDS patterns help


Take a look at this paper: /
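
An added example, not part of the thread and not Snort's code: it decodes mixed contents such as |0A 00 03|version into raw bytes, runs a simplified Wu-Manber search (block size 2) over all patterns at once, and checks the byte gap between two matches afterwards. It is written in Python rather than Perl; `gap_ok`, the second pattern and the payload are constructed for illustration.

```python
# Added example, not code from the thread or from Snort.
from collections import defaultdict

B = 2  # block size for the shift/hash tables (Wu-Manber usually uses 2 or 3)

def decode_content(content):
    """Decode 'text|0A 00 03|text' to bytes; parts between pipes are hex."""
    out = bytearray()
    for i, part in enumerate(content.split("|")):
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

class WuManber:
    def __init__(self, patterns):
        self.patterns = list(patterns)
        self.m = min(len(p) for p in self.patterns)  # window = shortest pattern
        if self.m < B:
            raise ValueError("every pattern needs at least B bytes")
        self.default = self.m - B + 1     # safe skip for a block in no pattern
        self.shift = {}
        self.bucket = defaultdict(list)   # last block of prefix -> pattern ids
        for idx, p in enumerate(self.patterns):
            for j in range(B, self.m + 1):           # block ends at offset j
                blk = p[j - B:j]
                self.shift[blk] = min(self.shift.get(blk, self.default), self.m - j)
            self.bucket[p[self.m - B:self.m]].append(idx)

    def search(self, data):
        """Return [(start_offset, pattern_id), ...] for every match in data."""
        hits, pos = [], self.m            # pos = end of the current window
        while pos <= len(data):
            blk = data[pos - B:pos]
            step = self.shift.get(blk, self.default)
            if step == 0:                 # window may end a pattern prefix
                start = pos - self.m
                hits += [(start, i) for i in self.bucket[blk]
                         if data.startswith(self.patterns[i], start)]
                step = 1
            pos += step
        return hits

def gap_ok(hits, patterns, first, second, max_gap):
    """True if pattern `second` starts 0..max_gap bytes after `first` ends."""
    ends = [s + len(patterns[first]) for s, i in hits if i == first]
    return any(0 <= s - e <= max_gap for s, i in hits if i == second for e in ends)

# Constructed rule contents and payload, for illustration only.
PATTERNS = [decode_content("|0A 00 03|version"), decode_content("|FF FF|bind")]
PAYLOAD = b"HDR" + PATTERNS[0] + b"1234" + PATTERNS[1] + b"tail"
HITS = WuManber(PATTERNS).search(PAYLOAD)
```

The patterns are the only thing preprocessed: the payload is scanned as raw bytes, and the distance between matches is a separate check on the reported offsets.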


