Force10 Networks PSeries 100-00055-01 User Manual


P-Series Installation and Operation Guide, version 2.3.1.2


7  Segmentation Evasion Rules

The pnic-Compiler prepends a set of fixed rules, called evasion.rules, located in the pnic-compiler/rules directory. The rules help detect attacks that use strategic TCP segmentation to avoid detection.

It is best to include this file if Snort is being used as the front end. If Snort is not the front end, these rules should not be included, or they should be changed to accommodate other packet analysis requirements (see Figure 36 on page 59).

8  Maximum String

Specify the maximum number of bytes a single static rule can use for content matching.

A low value truncates the match string and increases the number of rules that can fit into the FPGA, but this is at the expense of increased false positives.

A value lower than 1024 is not recommended unless you can cope with the increased number of false positives through Snort or some other means (see Figure 37 on page 60).

9  Firmware Name

Enter a mnemonic name for the firmware you are about to create.

10  Confirmation

Enter Yes to save the configuration and compile the Snort rules into firmware (see Figure 37 on page 60).

Table 8 Compiler Configuration Options (columns: Compilation Option, Description)
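The Maximum String trade-off from option 8, as an added Python sketch that is not part of the Force10 manual or the pnic-Compiler. It assumes truncation keeps the leading bytes of each content string; the rule strings, payloads and the names RULES, PAYLOADS, prefilter_hits and evaluate are constructed for illustration.

```python
# Added illustration, not Force10 or Snort code.
# Assumption: truncation keeps the first max_string bytes of a rule's content.

# Constructed content strings and payloads (not from a real rule set or capture).
RULES = {
    "r1": b"/scripts/report_export.cgi?mode=raw",
    "r2": b"/scripts/report_viewer.cgi?id=",
    "r3": b"X-Debug-Token: enable-trace",
}
PAYLOADS = [
    b"GET /scripts/report_export.cgi?mode=raw HTTP/1.1",  # genuinely matches r1
    b"GET /scripts/report_index.html HTTP/1.1",
    b"GET /scripts/style.css HTTP/1.1",
    b"X-Debug-Token: disabled",
    b"GET /index.html HTTP/1.1",
]


def prefilter_hits(rules, payload, max_string):
    """Rules whose truncated content string occurs in the payload."""
    return [name for name, content in rules.items()
            if content[:max_string] in payload]


def evaluate(rules, payloads, max_string):
    """Return (content bytes stored, pre-filter alerts, false positives)."""
    stored = sum(len(c[:max_string]) for c in rules.values())
    alerts = false_positives = 0
    for payload in payloads:
        for name in prefilter_hits(rules, payload, max_string):
            alerts += 1
            # A back end that checks the full string (the manual suggests
            # Snort) would reject this alert.
            if rules[name] not in payload:
                false_positives += 1
    return stored, alerts, false_positives


if __name__ == "__main__":
    for limit in (8, 16, 1024):
        stored, alerts, fps = evaluate(RULES, PAYLOADS, limit)
        print(f"max string {limit:>4}: {stored:>3} bytes stored, "
              f"{alerts} alerts, {fps} false positives")
```

With these constructed inputs, shorter limits store fewer content bytes per rule but raise alerts on benign requests that only share a prefix with a rule, which is the load the back end then has to filter.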
