[Snort-sigs] receiving an error msg on a signature
bmc at ...95...
Tue Feb 4 17:05:32 EST 2003
On Tue, Feb 04, 2003 at 07:25:00PM -0500, nick nelson wrote:
> alert tcp $EXTERNAL_NET 6660:7000 -> $HOME_NET any (msg:"Incoming
> XDCC Send Request Detected"; flow:to_server,established; content:"
> :^AXDCC *[Ss][Ee][Nn][Dd] *#[0-9]" ; nocase; offset:0; classtype:misc-
A few things.
* snort doesn't support the regex like you are using. This isn't
* you need to escape the : inside the content.
More information about the Snort-sigs