Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Feature request: isdataat ability in specific (preprocessor) buffers

From: Joshua Kinard <kumba () gentoo org>
Date: Thu, 24 Oct 2013 06:52:15 -0400
On 10/18/2013 11:29 AM, Joel Esler wrote:

After looking into it with some help from Development, they pointed me
to a bug where we have that as a feature enhancement already, it's
contingent upon something much bigger, but we have the FR tracked.
Thanks.


This is the sticky buffers thing for all of the HTTP modifiers, isn't it?
I.e., http_uri_data; content:"/foo.php?id=42"; fast_pattern:only;

Should make rule writing a teensy-bit more interesting...

Source:
http://webcache.googleusercontent.com/search?q=cache:abSLL-Ws6RYJ:https://groups.google.com/d/msg/snortusers/8HtptyPjN14/CMb9SG-HJDMJ+&cd=5&hl=en&ct=clnk&gl=us

-- 
Joshua Kinard
Gentoo/MIPS
kumba () gentoo org
4096R/D25D95E3 2011-03-28

"The past tempts us, the present confuses us, the future frightens us.  And
our lives slip away, moment by moment, lost in that vast, terrible in-between."

--Emperor Turhan, Centauri Republic

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: