Snort mailing list archives
Re: [Emerging-Sigs] request enhance old sid 3193 please
From: Matt Jonkman <jonkman () jonkmans com>
Date: Sun, 29 Jul 2012 17:40:00 -0400
Good catch, making the change now. (2103193 in the ET set) Matt On Sun, Jul 29, 2012 at 7:31 PM, rmkml <rmkml () yahoo fr> wrote:
Hi, Im request on old sid 3193 to enhance pcre, old: pcre:"/.cmd\x22.*\x26.*/smi"; new: pcre:"/\.cmd\x22.*?\x26/Ui"; Fire with this URI: /a.cmd"a& /a.cmd%22a& /a.cmd"a%26 /a.cmd%22a%26 Regards Rmkml http://twitter.com/rmkml _______________________________________________ Emerging-sigs mailing list Emerging-sigs () lists emergingthreats net http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreatspro.com The ONLY place to get complete premium rulesets for Snort 2.4.0 through Current!
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- request enhance old sid 3193 please rmkml (Jul 29)
- Re: [Emerging-Sigs] request enhance old sid 3193 please Matt Jonkman (Jul 29)