Snort mailing list archives
(no subject)
From: "Sean Wheeler" <s.wheeler () netprotect ch>
Date: Sat, 26 Oct 2002 00:57:52 +0200
Hi,

Could someone explain what these new options are: distance and within, relating to a content option. Are these enhancements to the offset & depth options?

Below is an experimental rule example:

alert udp any $any -> $Trusted_Networks 1024: (msg: "EXPERIMENTAL RPC status GHBN format string attack"; content: "|00 01 86 B8|"; content: "|00 00 00 02|"; distance: 4; within: 4; content: "%x %x"; distance: 16; within: 256; sid: 1890; rev: 1; reference:bugtraq,1480; reference: cve,CVE-2000-0666; classtype: misc-attack;)

regards
Sean
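An added illustration, not part of the original message and not Snort's own code: a minimal Python model of how `distance` and `within` constrain each content match relative to the end of the previous one, applied to the three content options of the rule quoted above. The payload bytes and the names `match_chain`, `build`, `HIT` and `MISS` are constructed for this example.

```python
from typing import List, Optional, Tuple

# (pattern, distance, within); None means the modifier is not set.
Content = Tuple[bytes, Optional[int], Optional[int]]

# The three content options of the rule quoted in the message.
RULE_1890: List[Content] = [
    (bytes.fromhex("000186B8"), None, None),
    (bytes.fromhex("00000002"), 4, 4),
    (b"%x %x", 16, 256),
]


def match_chain(payload: bytes, contents: List[Content],
                prev_end: int = 0) -> Optional[List[int]]:
    """Return the offset of every content match, or None if the chain fails."""
    if not contents:
        return []
    pattern, distance, within = contents[0]
    relative = distance is not None or within is not None
    # distance: skip this many bytes after the end of the previous match.
    lo = max(prev_end + (distance or 0), 0) if relative else 0
    # within: the whole pattern must end no later than `within` bytes past lo.
    hi = min(lo + within, len(payload)) if within is not None else len(payload)
    pos = payload.find(pattern, lo, hi)
    while pos != -1:
        rest = match_chain(payload, contents[1:], pos + len(pattern))
        if rest is not None:
            return [pos] + rest
        # Later options failed: retry this pattern at the next position.
        pos = payload.find(pattern, pos + 1, hi)
    return None


def build(field: int, body: bytes) -> bytes:
    """Constructed sample payload (assumption: layout chosen to fit the rule)."""
    return (bytes(12) + bytes.fromhex("000186B8") + bytes.fromhex("00000001")
            + field.to_bytes(4, "big") + bytes(16) + body)


HIT = build(2, b"AAAA%x %x%x")                          # every window satisfied
MISS = build(1, bytes.fromhex("00000002") + b"%x %x")   # 00000002 too far away

if __name__ == "__main__":
    print("HIT :", match_chain(HIT, RULE_1890))
    print("MISS:", match_chain(MISS, RULE_1890))
```

With `distance: 4; within: 4;` the second pattern can only match in the four bytes that start four bytes after the first match, so `MISS` is rejected even though all three patterns occur in it.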
Current thread:
- getting snort via CVS? Zachary Uram (Oct 25)
- RE: getting snort via CVS? Wayne T Work (Oct 25)
- (no subject) Sean Wheeler (Oct 25)
- <Possible follow-ups>
- RE: getting snort via CVS? Miller, Eoin (Oct 25)
- RE: getting snort via CVS? Miller, Eoin (Oct 25)
- RE: getting snort via CVS? Wayne T Work (Oct 25)