Snort mailing list archives

Sid 21858


From: Oscar A <o_ama_lo () hotmail com>
Date: Wed, 15 Oct 2014 13:23:32 -0500

Hi, can somebody help me please? I find exact matches only for the first content:

content:"|FF|SMB|A2 00 00 00 00|"; 

But for the second content, only the first 2 hexadecimal values match:

content:"m|00|s|00|i|00|e|00|x|00|e|00|c|00|.|00|e|00|x|00|e|00 00 00|"

Isn't it supposed to be that all content matches must be true for the rule to trigger an event, that is, each content match has an AND relationship with the others? So why are drop events triggering when only the first content is matched?

I'm seeing this match: 4d 00 53 00 49 00 45 00 58 00 45 00 43 00 2E 00 45 00 58 00 45 (00 22 00), but the m s i e x e c . e x e are in upper case and the last three 00 00 00 between parentheses are not matching.

Regards!
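
An added example, not part of the original post and not Snort's own code: a small Python model of `content` matching, run against the two content strings and the observed bytes quoted above. It models only `content` and the `nocase` modifier; the 8 filler bytes in the payload are constructed, and the remaining options of sid 21858 are not shown on this page and are not modelled.

```python
# Added example: models only `content` and `nocase` (no offset/depth/distance/within).

def decode_content(s: str) -> bytes:
    """Convert a Snort content string (text with |hex| blocks) to raw bytes."""
    out = bytearray()
    for i, part in enumerate(s.split("|")):
        # Odd-numbered segments sit between pipes and hold hex bytes.
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

def content_hit(payload: bytes, pattern: bytes, nocase: bool = False) -> bool:
    """True if pattern occurs anywhere in payload (ASCII case folded if nocase)."""
    if nocase:
        payload, pattern = payload.lower(), pattern.lower()
    return pattern in payload

def matched_prefix(payload: bytes, pattern: bytes, nocase: bool = False) -> int:
    """Length of the longest leading part of pattern found in payload."""
    for n in range(len(pattern), 0, -1):
        if content_hit(payload, pattern[:n], nocase):
            return n
    return 0

def rule_fires(payload: bytes, contents, nocase: bool = False) -> bool:
    """Every content must hit: the AND relationship between content options."""
    return all(content_hit(payload, c, nocase) for c in contents)

# The two content strings quoted in the post.
C1 = decode_content("|FF|SMB|A2 00 00 00 00|")
C2 = decode_content("m|00|s|00|i|00|e|00|x|00|e|00|c|00|.|00|e|00|x|00|e|00 00 00|")

# Bytes the poster reports seeing on the wire.
OBSERVED = bytes.fromhex(
    "4d 00 53 00 49 00 45 00 58 00 45 00 43 00 2E 00 45 00 58 00 45 00 22 00")

# Constructed payload: first content, 8 filler bytes (assumed), observed bytes.
PAYLOAD = C1 + b"\x00" * 8 + OBSERVED

if __name__ == "__main__":
    for name, pat in (("content 1", C1), ("content 2", C2)):
        for nocase in (False, True):
            print(name, "nocase" if nocase else "exact",
                  "hit:", content_hit(PAYLOAD, pat, nocase),
                  "prefix:", matched_prefix(PAYLOAD, pat, nocase), "of", len(pat))
    print("all contents (nocase):", rule_fires(PAYLOAD, [C1, C2], nocase=True))
```

Running it prints, for each content and for exact versus case-insensitive comparison, whether the whole pattern is present and how many of its leading bytes are found in the payload.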
                                          