Flexresp: react combined with a content-list

["Maetzky, Steffen (Extern)" <Steffen.Maetzky () gedas de>]

Hi,

I have read that it should be possible to use "react" in combination with
"content-list" but I don't find a key-word "content-list"
In the manual. Is it changed to an other key word or is my information
wrong? I'm testing with the latest Current-Release.

The Rule should do something like that:

alert "Protocol" any any <> any "Port" (msg: "Text"; flags: A+;
content-list: "FileName"; react: block, msg;)

#file: FileName
"word1"
"word2"
"word3"

1. Does anyone know if content-list is a valid key-word?
2. Does anyone know a scenario to test flexresp rules without risks for the
existing network?

Thanks in advance,

Steffen




-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users