Snort mailing list archives
http_header issues, Snort 2.8.5.3
From: "evilghost () packetmail net" <evilghost () packetmail net>
Date: Thu, 1 Apr 2010 09:22:40 -0500
Hello, I am running Snort 2.8.5.3 and it appears that either http_header; is not working correctly, does not work with a relative keyword, or I do not understand http_header; correctly. I am attempting to constrain a content match to the http_header for performance reasons. Note, no need to recommend isdataat, I know there is data within 1024 bytes past the previous content match. Does NOT work: uricontent:"/login.php"; fast_pattern; content:"|0d 0a|Cookie\: "; nocase; http_header; content:"ieatbugs="; within:1024; Does work: uricontent:"/login.php"; fast_pattern; content:"|0d 0a|Cookie\: "; nocase; content:"ieatbugs="; within:1024; Comments/insight appreciated. -evilghost ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs
Current thread:
- http_header issues, Snort 2.8.5.3 evilghost () packetmail net (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 Will Metcalf (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 evilghost () packetmail net (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 Mike Cox (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 L0rd Ch0de1m0rt (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 Jason Brvenik (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 L0rd Ch0de1m0rt (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 evilghost () packetmail net (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 Jason Brvenik (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 Russ Combs (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 Paul Schmehl (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 evilghost () packetmail net (Apr 01)
- Re: http_header issues, Snort 2.8.5.3 Will Metcalf (Apr 01)