Snort mailing list archives
just something to note about ftpbounce keyword.
From: Will Metcalf <william.metcalf () gmail com>
Date: Wed, 17 Mar 2010 16:23:21 -0500
I can't really see a valid use case here as the ftpbounce keyword is used in all of like one rule but..... Regards, Will #test 128 ftpbounce byte_test + relative #fails # #file ftpbounceattack.pcap alert tcp any any -> any any (msg:"ftpbounce + byte_test + relative"; content:"P"; byte_test:1,=,82,1,relative; ftpbounce; classtype:bad-unknown; sid:128; rev:1;) #test 129 byte_test + relative #works # #file ftpbounceattack.pcap alert tcp any any -> any any (msg:"ftpbounce + byte_test + relative"; content:"P"; byte_test:1,=,82,1,relative; classtype:bad-unknown; sid:129; rev:1;) ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- just something to note about ftpbounce keyword. Will Metcalf (Mar 17)
- Re: just something to note about ftpbounce keyword. Will Metcalf (Mar 17)
- Re: just something to note about ftpbounce keyword. Steven Sturges (Mar 18)
- Re: just something to note about ftpbounce keyword. Will Metcalf (Mar 18)
- Re: just something to note about ftpbounce keyword. Nigel Houghton (Mar 18)
- Re: just something to note about ftpbounce keyword. Steven Sturges (Mar 18)
- Re: just something to note about ftpbounce keyword. Will Metcalf (Mar 17)