Snort mailing list archives

Re: byte_extract included on last snort v2.9.0.x!


From: Patrick Mullen <pmullen () sourcefire com>
Date: Mon, 25 Apr 2011 09:24:37 -0400

> First, Thank you snort and SF Team for enhancing ids and ips world.
> Second, last snort v2.9.0.x included a "new" byte_extract keyword.

I'm glad you're excited about the new byte_extract feature.  It is a
huge addition that removes the need for several of our SO rules since
a lot of times an SO is needed simply because we need to operate on a
size within the payload.

Please note that the byte_extract from 2003 was an SO interface for
reading a value from a packet into memory while the byte_extract
plaintext rule keyword is brand new and it's for grabbing data from a
packet and using it in other rule options.


~Patrick

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org
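
The use described in the reply above, a size read from the payload and then fed to other rule options, shown as an added example that is not part of the original thread or of any Snort rule set. The protocol, port 9999, the variable name `name_len` and the sid are constructed for illustration.

```snort
# Constructed protocol (an assumption, not from the thread): messages on
# TCP/9999 start with the 4-byte magic "MSG1", followed by a 2-byte
# big-endian length, followed by a name field of exactly that many bytes.
#
# byte_extract reads the 2-byte length at payload offset 4 into the rule
# variable name_len. The next content match starts at offset 6 (the first
# byte of the name field) and uses name_len as its depth, so the search is
# confined to the name field and ignores whatever follows it in the packet.
# Without byte_extract the depth would have to be a fixed number, and a
# per-packet length like this would need an SO rule.
alert tcp $EXTERNAL_NET any -> $HOME_NET 9999 ( \
    msg:"EXAMPLE constructed protocol - directory traversal inside length-bounded name field"; \
    flow:to_server,established; \
    content:"MSG1"; depth:4; \
    byte_extract:2,4,name_len,big; \
    content:"../"; offset:6; depth:name_len; \
    sid:1000001; rev:1;)
```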