Snort mailing list archives
rules keyword
From: "Patrice Boulanger" <pboulanger () fr externall net>
Date: Wed, 8 Jan 2003 18:48:50 +0100
Hi, Someone can tell me what the "within" keyword in the following rule means : alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"POP3 PASS overflow attempt"; flow:to_server,established; content:"PASS "; nocase; content:!"|0a|"; within:50; reference:cve,CAN-1999-1511; reference:nessus,10325; classtype:attempted-admin; sid:1634; rev:5;) I have read the doc but there is nothing about this. I use a snort v1.9 and my rules set comes directly from snort.org. These rules are attempted to be use with this version (as indicated on the web site). Thank in advance for your help. ---------- Patrice Boulanger EXTERNALL pboulanger () fr externall net http://www.externall.net 137, bvd Voltaire - 75011 Paris Standard: +33 1 58 39 33 00 Direct: +33 1 58 39 33 61 ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- rules keyword Patrice Boulanger (Jan 08)
- Re: rules keyword Erek Adams (Jan 08)
- Re: rules keyword James Hoagland (Jan 08)
- RE: rules keyword Patrice Boulanger (Jan 08)