Snort mailing list archives

Re: Escaping "content" characters


From: Gary Flynn <flynngn () jmu edu>
Date: Fri, 15 Nov 2002 18:43:46 -0500


Never mind. It was a browser caching issue causing
snort not to see any packets. :)


Gary Flynn wrote:

I'm trying to get a rule working that detects content having
backslashes followed by double quotes. \"

If I do this:   \\"
Snort complains that the double quote isn't escaped.

If I do this:   \\\"
The rule doesn't detect the packet.

I may have some other problems with my eyeballs and I'll browse
the existing rules but I thought I'd double check the escaping
rules here. The docs I have say only

"
:
|

need escaping.

What about backslash and semicolon? Others?

\
;

thanks,
--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get a FREE TRIAL of a Thawte
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
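
An added example, not part of the original posts and not Snort project code: one way to sidestep the escaping question raised above is to write the troublesome bytes in the hex notation that the content option accepts between | characters. The function names and the set of bytes treated as special are choices made for this example.

```python
# Added example: build a Snort content pattern by hex-encoding every byte
# that might be treated specially, instead of backslash-escaping it.

# Bytes the thread lists as needing, or possibly needing, escaping.
# (Assumption for this example: hex-encode all of them to be safe.)
SPECIAL = set(b'":|\\;')


def snort_content(data: bytes) -> str:
    """Return the text that goes between the quotes of content:"..."."""
    parts = []    # finished pieces of the pattern
    hex_run = []  # consecutive bytes currently being hex-encoded
    for b in data:
        if 0x20 <= b <= 0x7E and b not in SPECIAL:
            if hex_run:  # close the open |..| group before literal text
                parts.append("|" + " ".join(hex_run) + "|")
                hex_run = []
            parts.append(chr(b))
        else:
            hex_run.append(f"{b:02X}")
    if hex_run:
        parts.append("|" + " ".join(hex_run) + "|")
    return "".join(parts)


def decode_content(pattern: str) -> bytes:
    """Inverse of snort_content(), used to check the round trip.

    Only handles patterns produced above: no backslash escapes, so the
    odd-numbered pieces after splitting on '|' are always hex groups.
    """
    out = bytearray()
    for i, piece in enumerate(pattern.split("|")):
        out += bytes.fromhex(piece) if i % 2 else piece.encode("ascii")
    return bytes(out)


if __name__ == "__main__":
    payload = b'name=\\"x\\";'  # constructed sample: backslash + quote pairs
    pattern = snort_content(payload)
    print(f'content:"{pattern}";')
    assert decode_content(pattern) == payload
```
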

