Snort mailing list archives
Re: byte_extract included on last snort v2.9.0.x!
From: Patrick Mullen <pmullen () sourcefire com>
Date: Mon, 25 Apr 2011 09:24:37 -0400
First, thank you, Snort and SF Team, for enhancing the IDS and IPS world. Second, the last Snort v2.9.0.x included a "new" byte_extract keyword.
I'm glad you're excited about the new byte_extract feature. It is a huge addition that removes the need for several of our SO rules since a lot of times an SO is needed simply because we need to operate on a size within the payload.

Please note that the byte_extract from 2003 was an SO interface for reading a value from a packet into memory while the byte_extract plaintext rule keyword is brand new and it's for grabbing data from a packet and using it in other rule options.

~Patrick
Current thread:
- byte_extract included on last snort v2.9.0.x! rmkml (Apr 24)
- Re: byte_extract included on last snort v2.9.0.x! Patrick Mullen (Apr 25)
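An added illustration, not part of the thread and not Snort's own code: a small Python model of what the reply describes, reading values out of the payload and feeding them to another rule option. It emulates a rule that extracts one byte at offset 0 and one at offset 1 and uses them as the `offset` and `depth` of a `content` match; the function names, the one-byte field layout and the sample payloads are all constructed for this example.

```python
"""Model of byte_extract feeding content offset/depth (constructed example).

Emulated rule options:
  byte_extract:1, 0, str_offset; byte_extract:1, 1, str_depth;
  content:"bad stuff"; offset:str_offset; depth:str_depth;
"""


def byte_extract(payload, nbytes, offset, endian="big"):
    """Read nbytes at offset as an unsigned integer.

    Returns None when the read would run past the payload, which in a
    rule means the option fails and the rule does not fire.
    """
    if nbytes < 1 or offset < 0 or offset + nbytes > len(payload):
        return None
    return int.from_bytes(payload[offset:offset + nbytes], endian)


def content_match(payload, pattern, offset, depth):
    """content with offset/depth: the pattern must lie wholly inside
    the window payload[offset:offset+depth]."""
    return pattern in payload[offset:offset + depth]


def rule_matches(payload, pattern=b"bad stuff"):
    """Evaluate the emulated rule against one payload."""
    str_offset = byte_extract(payload, 1, 0)
    str_depth = byte_extract(payload, 1, 1)
    if str_offset is None or str_depth is None:
        return False
    return content_match(payload, pattern, str_offset, str_depth)


def static_rule_matches(payload, pattern=b"bad stuff"):
    """Same content match without extracted bounds, for comparison."""
    return pattern in payload


# Constructed payloads: [offset byte][depth byte][data...]
IN_FIELD = b"\x02\x09bad stuff"            # pattern inside the declared field
SHORT_FIELD = b"\x02\x04bad stuff"         # declared field too short to hold it
OUTSIDE = b"\x02\x09AAAAAAAAAbad stuff"    # pattern lies after the field
TRUNCATED = b"\x02"                        # second extract has nothing to read

if __name__ == "__main__":
    for name in ("IN_FIELD", "SHORT_FIELD", "OUTSIDE", "TRUNCATED"):
        p = globals()[name]
        print(name, rule_matches(p), static_rule_matches(p))
```

The `OUTSIDE` payload is the case the keyword exists for: a fixed content match fires on it, while the match bounded by the extracted size does not.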