[Snort-sigs] Depth and multi content rule help.

larosa, vjay larosa_vjay at ...375...
Tue Jun 17 11:21:04 EDT 2003

If I have a rule with three pattern matches in it and I want to limit the
search depth for just one of the content searches, but I want the other two
pattern matches to search the whole packet is this possible?
This is an example of what I am trying to do.
alert any any -> any any (msg:"Test" content:"123"; content:"101112";
depth:48; content:"|ff 53 4d 42 a2|";)
Will this work? Or will my depth keyword apply to the all three content
V.Jay LaRosa                   EMC Corporation
Information Security          4400 Computer Dr.
(508)898-7433 Office       Westboro, MA 01580
(508)353-1348 Cell           www.emc.com <http://www.emc.com> 
888-799-9750 Pager         vjl at ...375...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20030617/9b3f9879/attachment.html>

More information about the Snort-sigs mailing list