Snort mailing list archives
Alarm rule specific to a network session
From: Knut Borg <knutborg () gmail com>
Date: Fri, 22 Mar 2013 15:36:18 +0100
Hey I know this is mostly unlikely, but I'm willing to give it a shot. If you create a detection rule based on a magic number of a specific file, is it possible to make a new rule which will detect the footer of the file in that specific session? I.e. the "footer" alarm will not trigger if no header have been detected in the same session. Knut
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Alarm rule specific to a network session Knut Borg (Mar 22)
- Re: Alarm rule specific to a network session Joel Esler (Mar 22)