Snort mailing list archives
Re: [Snort-user] dynamic variable for content match
From: zT <zzahra88 () gmail com>
Date: Thu, 29 Jan 2015 15:20:31 +0330
reading data from input in snort rules and search this input data in packet content, i want this. like c++ cin>>x; how can we do this in snort rules????

On Thu, Jan 29, 2015 at 2:32 PM, Al Lewis (allewi) <allewi () cisco com> wrote:

> If you are trying to read information from a c++ program (using cin) and then have snort match on THAT content AFTER snort has already been started you are probably going to have to create something custom.
>
> I'm not aware of a clean way to “input” data into snort without requiring a restart.
>
> Hope this helps.
>
> Albert Lewis
> QA Software Engineer
> SOURCE*fire*, Inc. now part of *Cisco*
> 9780 Patuxent Woods Drive
> Columbia, MD 21046
> Phone: (office) 443.430.7112
> Email: allewi () cisco com
>
> *From:* zT [mailto:zzahra88 () gmail com]
> *Sent:* Thursday, January 29, 2015 12:14 AM
> *To:* waldo kitty
> *Cc:* snort-users
> *Subject:* Re: [Snort-users] [Snort-user] dynamic variable for content match
>
> thank you for your explanation, (sorry that my English is not good :) ). i just want to have this simple thing in other language char* x; cin>>x; i am trying to use shared object but i don't know, is this possible???
>
> On Thu, Jan 29, 2015 at 4:22 AM, waldo kitty <wkitty42 () windstream net> wrote:
>
>> On 1/27/2015 11:35 AM, zT wrote:
>>> i don't understand what do you mean????
>>
>> you said that you wanted to enter a string at the command line and have a rule in snort detect that string in the network traffic... Al asked you to clarify and listed his understanding of what you wanted to do... you came back and said that was not the way you wanted to do it... so i asked you to be more explicit and tell us how you do want to do it... we're still waiting on your explanation of what you desire ;)
>>
>>> On 1/27/15, waldo kitty <wkitty42 () windstream net> wrote:
>>>> On 1/26/2015 3:42 PM, zT wrote:
>>>>> tnx for your suggest but i don't want to do in this way. tnx any way :)
>>>>
>>>> then you need to be much much clearer in what you want to do... you either write and use static rules or you develop some sort of dynamic rule that has some sort of command line interface...
>>
>> --
>> NOTE: No off-list assistance is given without prior approval. Please *keep mailing list traffic on the list* unless private contact is specifically requested and granted.
------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
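An added example, not part of the thread and not Snort's own code: one form the "something custom" mentioned in the reply could take, reading a string with `cin` and emitting a static rule whose `content` option is safely encoded. The function names, the `msg` text and sid 1000001 are assumptions made for this example; the generated rule still has to be placed in a rules file and Snort restarted to load it.

```cpp
// Added example: turn a string read at run time into a Snort rule.
#include <cstdio>
#include <iostream>
#include <string>

// Encode bytes for a content:"..." option. Printable ASCII stays literal;
// anything else, and the characters that are special inside a content
// string (" ; \ | :), is emitted as |hex| so the input cannot close the
// option or the rule early.
std::string snort_content(const std::string& in) {
    std::string out;
    bool in_hex = false;
    for (unsigned char c : in) {
        bool literal = c >= 0x20 && c < 0x7f && c != '"' && c != ';' &&
                       c != '\\' && c != '|' && c != ':';
        if (literal) {
            if (in_hex) { out += '|'; in_hex = false; }
            out += static_cast<char>(c);
        } else {
            out += in_hex ? ' ' : '|';
            in_hex = true;
            char buf[3];
            std::snprintf(buf, sizeof buf, "%02X", static_cast<unsigned>(c));
            out += buf;
        }
    }
    if (in_hex) out += '|';
    return out;
}

// Build one rule line. The msg text and sid are constructed for this example.
std::string build_rule(const std::string& pattern, unsigned sid) {
    if (pattern.empty()) return "";  // an empty pattern gives no usable rule
    return "alert tcp any any -> any any (msg:\"operator-supplied pattern\"; "
           "content:\"" + snort_content(pattern) + "\"; sid:" +
           std::to_string(sid) + "; rev:1;)";
}

int main() {
    std::string x;
    if (!std::getline(std::cin, x) || x.empty()) return 1;
    std::cout << build_rule(x, 1000001) << '\n';  // append to a local rules file
    return 0;
}
```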
Current thread:
- [Snort-user] dynamic variable for content match zT (Jan 26)
- Re: [Snort-user] dynamic variable for content match Al Lewis (allewi) (Jan 26)
- Re: [Snort-user] dynamic variable for content match zT (Jan 26)
- Re: [Snort-user] dynamic variable for content match waldo kitty (Jan 27)
- Re: [Snort-user] dynamic variable for content match zT (Jan 27)
- Re: [Snort-user] dynamic variable for content match waldo kitty (Jan 28)
- Re: [Snort-user] dynamic variable for content match zT (Jan 28)
- Re: [Snort-user] dynamic variable for content match Al Lewis (allewi) (Jan 29)
- Re: [Snort-user] dynamic variable for content match zT (Jan 29)
- Re: [Snort-user] dynamic variable for content match zT (Jan 26)
- Re: [Snort-user] dynamic variable for content match Al Lewis (allewi) (Jan 26)