[Snort-devel] dsize broken in snort 2 (and possibly 1.9.x)

Chris Green cmg at ...835...
Tue Oct 29 13:55:02 EST 2002


"Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...> writes:

> Here it is:
>
> tcp any any -> any any (msg:"LOCAL Someone email rule";
> content:"some.user at ...1167..."; nocase; flow:established; dsize: >200;
> classtype:string-detect; sid:9999; rev:1;)


It works for me with

-------------- next part --------------
A non-text attachment was scrubbed...
Name: chad.conf
Type: application/octet-stream
Size: 171 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20021029/8c484bc3/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: chad.cap
Type: application/octet-stream
Size: 2097 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20021029/8c484bc3/attachment-0001.obj>
-------------- next part --------------

-- 
Chris Green <cmg at ...402...>
You now have 14 minutes to reach minimum safe distance.


More information about the Snort-devel mailing list