Snort mailing list archives

Re: Applying a rule on entire session


From: Dennis George <easyeinfo () yahoo com>
Date: Wed, 8 Sep 2004 01:53:11 -0700 (PDT)

Hi,
 
flowbits and looking for the FIN and/or RST flags?

I mean to say that the rules should be applied to the reassembled data chunk of the entire session. The rule should not be applied to each packet coming... instead, after all the packets form a session, then only apply that rule.
 
Regards
Dennis

"Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk> wrote:


--On 07 September 2004 20:48 -0700 Dennis George wrote:


Hi all,

Is it possible to apply a particular rule only after catching the entire
session, not on every packet?

flowbits and looking for the FIN and/or RST flags?

Thanks in advance.
Dennis

Best Regards,
Alex.
-- 
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
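
The flowbits plus FIN/RST idea suggested in the thread, sketched as a pair of Snort rules. This is an added example, not part of the original messages; the port, content string, flowbit name and sids are constructed placeholders. Each rule is still evaluated per packet: the pair only defers the alert until session teardown, it does not match against the reassembled session data.

```snort
# Constructed example: port, content string, flowbit name and sids are placeholders.

# Rule 1: mark the flow when the pattern is seen, but raise no alert yet.
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE marker seen, silent"; \
    flow:to_server,established; content:"EXAMPLE-PATTERN"; \
    flowbits:set,example_marker; flowbits:noalert; \
    sid:1000001; rev:1;)

# Rule 2: alert only when a FIN or RST arrives on a flow that rule 1 marked.
# flags:*FR matches when any of the listed bits (FIN, RST) is set.
alert tcp any any <> $HOME_NET 80 (msg:"EXAMPLE marked session closing"; \
    flags:*FR; flowbits:isset,example_marker; \
    sid:1000002; rev:1;)
```

flowbits state is kept per flow, so it only works when Snort's flow/stream tracking is enabled.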



                