Snort mailing list archives
Re: Priority levels, native or not?
From: Chris Green <cmg () uab edu>
Date: Sat, 08 Dec 2001 17:55:39 -0600
"Ronneil Camara" <ronneilc () remingtonltd com> writes:
Hi, I would just like to know if the "P-1" only applicable to demarc? Or is it native in snort?
It's nothing to snort. Snort does have a priority: keyword that can be used in conjunction with classtype: ( which assigns a default priority ).
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 \ (msg:"P-1-WEB-IIS cmd? acess";flags: A+; content:".cmd?&"; nocase; classtype:\ attempted-user; sid:1003; rev:1;)
-- Chris Green <cmg () uab edu> Don't use a big word where a diminutive one will suffice. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Priority levels, native or not? Ronneil Camara (Dec 08)
- Re: Priority levels, native or not? Chris Green (Dec 08)
- <Possible follow-ups>
- RE: Priority levels, native or not? Ronneil Camara (Dec 09)