Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort rule for a pattern match?

From: "lists () packetmail net" <lists () packetmail net>
Date: Wed, 27 Mar 2013 09:55:51 -0500
On 03/27/2013 09:45 AM, Shields, Joseph (NIH/NIEHS) [C] wrote:

How can I write this rule?


Write the PCRE and I'll write the rule.  You have to use byte_test/byte_extract
or PCRE.  Either way, IHMO, Snort isn't the best place to do this level of
complex packet analysis because it'll be a costly rule.

------------------------------------------------------------------------------
Own the Future-Intel&reg; Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest.
Compete for recognition, cash, and the chance to get your game 
on Steam. $5K grand prize plus 10 genre and skill prizes. 
Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: