Snort mailing list archives
Re: Detecting telnet connections with TERM=xxx set
From: Alberto Gonzalez <albertg () cerebro violating us>
Date: Mon, 25 Nov 2002 09:42:19 -0800
You might want to check out content-list[1]. Seems to be what your looking for.
Cheers! - Alberto [1] - http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.3.23 Sven Huster wrote:
On Fri, Nov 22, 2002 at 02:40:22PM -0500, Chris Green wrote:"Sven Huster" <sven.huster () hosteurope com> writes:Thanks for that. Works ok now. Just one other thing: Are multiple content options are treated separate? Like I wanted to add another one, which also might want the rawbytes option. Do I have to specify it each time? What up with the offset and depth options? Thanks Sven
-- The secret to success is to start from scratch and keep on scratching. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Detecting telnet connections with TERM=xxx set Sven Huster (Nov 22)
- Re: Detecting telnet connections with TERM=xxx set Chris Green (Nov 22)
- Re: Detecting telnet connections with TERM=xxx set Sven Huster (Nov 25)
- Re: Detecting telnet connections with TERM=xxx set Brian (Nov 25)
- Re: Detecting telnet connections with TERM=xxx set Alberto Gonzalez (Nov 25)
- Re: Detecting telnet connections with TERM=xxx set Chris Green (Nov 25)
- Re: Detecting telnet connections with TERM=xxx set Sven Huster (Nov 25)
- Re: Detecting telnet connections with TERM=xxx set Andreas Östling (Nov 22)
- Re: Detecting telnet connections with TERM=xxx set Chris Green (Nov 22)