[Snort-devel] two patch: add byte_test3 and byte_test more than 4 byte check

rmkml rmkml at ...879...
Tue Dec 12 13:12:11 EST 2006


Hi Snorter,

I joigned two patch work on snort v2.4.5 (but two file is same on v2.6.1):
  1) on byte_test keyword, I add test if bytes_to_grab = 3
  2) check if byte_test more than 4 byte !
Please check and maybe add on futur snort version.

I have created this two patch because I work on ssl decoding and analyzing 
protocol, and on this protocol, length are on 3 bit ! (second patch 
because snort not warning is snort not work with bytes_to_grab=3 {without 
first patch})

Thx you Marty for presentation the past, present and futur of snort.

Credits:
Crusoe Researches
http://www.Crusoe-Researches.com
contact at ...2905...

Azwalaro French nids open source project
http://www.Crusoe-Researches.com/azwalaro/
azwalaro at ...2905...

Best Regards
Rmkml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort245bytetest3.diff.gz
Type: application/octet-stream
Size: 282 bytes
Desc: 
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20061212/87f80d4d/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort245bytetestmorethan4warning.diff.gz
Type: application/octet-stream
Size: 381 bytes
Desc: 
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20061212/87f80d4d/attachment-0001.obj>


More information about the Snort-devel mailing list