Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Documentation Search

     
     

    Example: Using Context Length Checking to Optimize Performance

    With signature or compound attack objects, you can use the context check constraint as a tuning device to skip processing for harmless traffic. For example, if you know that a certain class of attack, like a buffer overflow attack, always has an unusually large byte length in a given context, you can use this constraint to ignore contexts of normal length. If you set the FTP username context length requirement to be > 18, you only see signature hits when the FTP username context is longer than 18 bytes.

    You can specify multiple constraints. For example, if you add a < 25 constraint to the previous example, you see hits only when the username context is between 18 and 25 bytes.

     
     

    Published: 2011-02-08