Snort mailing list archives
byte_extract addition?
From: Mike Cox <mike.cox52 () gmail com>
Date: Thu, 9 Oct 2014 13:22:31 -0400
Hi Snort-Dev,

I have come across a few situations in the past few weeks where it would be useful to be able to do simple addition in rules without having to write an SO rule. I know that Snort has the byte_extract functionality and you can provide a multiplier value to the extracted bytes before it gets stored in the variable. However, are there any plans or thoughts that would allow addition (similar to multiplier) of static values (or variables from byte_extract) that would be applied to the extracted bytes before being stored in the variable? Or could byte_test be expanded to include simple addition? For example, a byte_test that checks if extracted_value1 > extracted_value2 + 12.

Thanks.

-Mike Cox
Current thread:
- byte_extract addition? Mike Cox (Oct 09)
- Re: byte_extract addition? Ed Borgoyn (eborgoyn) (Oct 09)