Snort mailing list archives

Content Negation


From: Gurgen Hakobyan <hakobyan () outlook com>
Date: Wed, 6 Apr 2016 21:30:24 +0000

Hello all,

Is it possible to create a negative rule of a kind: “If content X is not found in a flow within Y time, raise an alert”?

Let’s say I am looking for an HTTP stream that does not send a POST within n seconds.

There are ways to negate various stuff but I can’t think of how to implement this.

Thanks,
Gurgen