Snort mailing list archives

Re: Detecting telnet connections with TERM=xxx set

From: Alberto Gonzalez <albertg () cerebro violating us>
Date: Mon, 25 Nov 2002 09:42:19 -0800

You might want to check out content-list[1]. Seems to be what yourlooking for.


Cheers!

   - Alberto

[1] - http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.23

Sven Huster wrote:

On Fri, Nov 22, 2002 at 02:40:22PM -0500, Chris Green wrote:

"Sven Huster" <sven.huster () hosteurope com> writes:

Thanks for that. Works ok now.

Just one other thing:
Are multiple content options are treated separate?
Like I wanted to add another one, which also might want the rawbytes option.
Do I have to specify it each time?
What up with the offset and depth options?

Thanks
Sven


--
The secret to success is to start from scratch and keep on scratching.




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Detecting telnet connections with TERM=xxx set Sven Huster (Nov 22)
- Re: Detecting telnet connections with TERM=xxx set Chris Green (Nov 22)
  - Re: Detecting telnet connections with TERM=xxx set Sven Huster (Nov 25)
    - Re: Detecting telnet connections with TERM=xxx set Brian (Nov 25)
    - Re: Detecting telnet connections with TERM=xxx set Alberto Gonzalez (Nov 25)
    - Re: Detecting telnet connections with TERM=xxx set Chris Green (Nov 25)
- Re: Detecting telnet connections with TERM=xxx set Andreas Östling (Nov 22)