Force10 Networks 100-00055-01 Network Card User Manual


 
P-Series Installation and Operation Guide, version 2.3.1.2 57
Table 8 Compiler Configuration Options

    Compilation Option          Description
    --------------------------  --------------------------------------------------------
 7  Segmentation Evasion Rules  The pnic-Compiler prepends a set of fixed rules, called
                                evasion.rules, located in the pnic-compiler/rules
                                directory. The rules help detect attacks that use
                                strategic TCP segmentation to avoid detection.
                                It is best to include this file if Snort is being used
                                as the front end. If Snort is not the front end, these
                                rules should not be included, or they should be changed
                                to accommodate other packet analysis requirements
                                (see Figure 36 on page 59).
 8  Maximum String              Specify the maximum number of bytes a single static rule
                                can use for content matching.
                                A low value truncates the match string and increases the
                                number of rules that can fit into the FPGA, but at the
                                expense of increased false positives.
                                A value lower than 1024 is not recommended unless you can
                                cope with the increased number of false positives through
                                Snort or some other means (see Figure 37 on page 60).
 9  Firmware Name               Enter a mnemonic name for the firmware you are about to
                                create.
10  Confirmation                Enter Yes to save the configuration and compile the Snort
                                rules into firmware (see Figure 37 on page 60).
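The Maximum String option trades FPGA capacity against detection precision: a truncated content pattern still matches the traffic the rule targets, but it also matches any benign traffic that shares the surviving prefix. The following Python script is an added illustration of that trade-off and is not part of the Force10 manual or the pnic-Compiler. The Snort-style rule, the sample TCP payloads and the "keep the first N bytes" truncation model are all constructed for the example; the compiler's actual truncation behaviour is not documented here beyond the statement that the match string is truncated. The strings are deliberately short so the effect shows up at small byte counts; with real rule sets the same curve is why the manual recommends not going below 1024.

```python
import re

# Constructed Snort-style rule with a long content match (hypothetical
# signature, not a real Snort or pnic-Compiler rule).
RULE = ('alert tcp any any -> any 80 '
        '(msg:"example long content match"; '
        'content:"GET /admin/backup.tar.gz?token="; sid:1000001;)')

# Constructed sample TCP payloads: index 0 is the traffic the rule targets;
# the others are benign requests that share a prefix with it.
PAYLOADS = [
    b"GET /admin/backup.tar.gz?token=abc123 HTTP/1.1\r\n",  # targeted request
    b"GET /admin/ HTTP/1.1\r\n",                            # benign
    b"GET /index.html HTTP/1.1\r\n",                        # benign
    b"POST /login HTTP/1.1\r\n",                            # benign
    b"GET /admin/backup.tar.gz HTTP/1.1\r\n",               # benign (no token)
]


def extract_content(rule: str) -> bytes:
    """Pull the first content:"..." pattern out of a Snort rule.

    Only plain ASCII content is handled; Snort |hex| sections and escape
    sequences are out of scope for this illustration.
    """
    m = re.search(r'content:"([^"]*)"', rule)
    if m is None:
        raise ValueError("rule has no content option")
    return m.group(1).encode("ascii")


def truncate_content(pattern: bytes, max_string: int) -> bytes:
    """Model the Maximum String option: keep only the first max_string bytes
    of the pattern (assumed behaviour, constructed for this example)."""
    if max_string < 1:
        raise ValueError("max_string must be at least 1")
    return pattern[:max_string]


def evaluate(max_string: int, rule: str = RULE, payloads=PAYLOADS) -> dict:
    """Match both the full and the truncated pattern over the payloads and
    count the payloads the truncated pattern flags that the full one would
    not, i.e. the false positives introduced by truncation."""
    full = extract_content(rule)
    short = truncate_content(full, max_string)
    true_hits = {i for i, p in enumerate(payloads) if full in p}
    hits = {i for i, p in enumerate(payloads) if short in p}
    return {
        "max_string": max_string,
        "pattern": short,
        "hits": sorted(hits),
        "false_positives": len(hits - true_hits),
    }


def sweep(sizes, rule: str = RULE, payloads=PAYLOADS) -> list[tuple[int, int]]:
    """False-positive count for each candidate Maximum String value."""
    return [(n, evaluate(n, rule, payloads)["false_positives"]) for n in sizes]


if __name__ == "__main__":
    # Shrinking the limit never loses the targeted payload but steadily
    # pulls in benign requests that share the remaining prefix.
    for n, fp in sweep([31, 24, 11, 4]):
        print(f"max_string={n:3d}  false positives={fp}")
```

The sweep is the check a practitioner would run before lowering the limit: pick representative benign traffic for the segment, and find the smallest Maximum String at which the false-positive count stays at a level the downstream Snort front end (or other analysis) can absorb.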