Snort mailing list archives
Possible Content Match problem - Was: Re: how can we alert on web visiting activity?
From: Jason Brvenik <jasonb () sourcefire com>
Date: Thu, 19 Nov 2009 20:31:52 -0500
I would be happy to look into both of these further. The odds are that it is a configuration / environmental issue so please send me your snort.conf, local.rules with the example rules in them, and a pcap. On Thu, Nov 19, 2009 at 3:30 PM, evilghost () packetmail net <evilghost () packetmail net> wrote:
NP Joel, the flowbits was a gift. I think our thread about rawbytes was here, http://lists.emergingthreats.net/pipermail/emerging-sigs/2009-September/003682.html Flowbits one was here, http://lists.emergingthreats.net/pipermail/emerging-sigs/2009-September/003786.html and a few exchanges there. I'll tap out of this thread now since it's getting off-topic. I replied only to substantiate my assertion about rawbytes after Nigel rebuked me. -evilghost Joel Esler wrote:Well, I don't know anything about the flowbits problem you are talking about. But I did ask an email'ed questions to devel about the functionality of rawbytes since there may be some misunderstanding. But I wasn't provided any pcaps or anything of problems... J
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- Possible Content Match problem - Was: Re: how can we alert on web visiting activity? Jason Brvenik (Nov 19)