Snort mailing list archives

Re: MP3's are evil... Searching for traffic based upon uploaded file type...


From: Jason Haar <Jason.Haar () trimble co nz>
Date: Fri, 06 Aug 2010 13:01:40 +1200

On 08/06/2010 04:20 AM, Joel Esler wrote:
As an aside, you can try, instead of removing your content, put it in
addition to your PCRE.

Place your pcre after your content and its modifiers, and see if that
makes a difference.


Hi Joel

Excuse my ignorance, but the order of content and pcre makes a
difference? Put it another way, is there any reason to ever have pcre
before content, and if not, why doesn't snort just re-order them during
parsing?

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

