Snort mailing list archives
RE: pcre usage for inline
From: "Jeff Dell" <jdell () activeworx com>
Date: Wed, 15 Jun 2005 16:28:38 -0400
Donno about pcre, but you can do this with snort inline: alert tcp any any <> any 80 (msg: "change stuff"; content:"stuff"; replace:"newstuff";) Jeff
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Joel Esler Sent: Wednesday, June 15, 2005 4:25 PM To: Snort Users; snort-inline-users-request () lists sourceforge net; snort-sigs mailinglist Subject: [Snort-users] pcre usage for inline Just wondering, since we have the ability to modify items with regular expressions... can it be done in a snort rule? like.. pcre:"s/stuff/newstuff/"; just a thought.. be able to modify actual data on the fly... J ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=ick _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- pcre usage for inline Joel Esler (Jun 15)
- RE: pcre usage for inline Jeff Dell (Jun 15)
- Re: pcre usage for inline Joel Esler (Jun 15)
- RE: pcre usage for inline Jeff Dell (Jun 15)