[Snort-sigs] what means flowbits in signatures

Kreimendahl, Chad J Chad.Kreimendahl at ...361...
Wed Jun 16 09:01:04 EDT 2004

Flowbits esentially allow you to set flags and check for them.   For
instance, you could set a flag on for every nimda attempt, and then add
a check for that flag in a rule that matches the response from a
vulnerable server.  Thus giving you true notification of something bad.
I believe someone posted to the -dev or -users group with the specific
syntax recently. 

-----Original Message-----
From: Ali Zand [mailto:ali.zand at ...2420...] 
Sent: Wednesday, June 16, 2004 10:52 AM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] what means flowbits in signatures

I'm a newcomer in this mailing-list and I have recently upgraded my
Snort. There are several new keywords in rule files, which are not
explained in Snort manual. What is meaning of flowbits?
Thanks for your time and attention.

Ali Zand

This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net

More information about the Snort-sigs mailing list