[Snort-sigs] Newbie knucklehead can't get a custom rule to alert

Nigel Houghton nigel at ...435...
Wed Jun 23 15:51:04 EDT 2004


On  0, tony at ...2576... allegedly wrote:
> Yes I am, there are several packets that go through as part of a complete
> request and response, I am interested in the one particular packet that
> has "evil_hacker_string" in it.
> Please note the things I've tried included changing and omitting the flow
> portion of the rule.

Is it possible for you to give us more information on how you are
generating the traffic and/or if possible, send a tcpdump packet capture of
your generated traffic?

-------------------------------------------------------------
Nigel Houghton       Research Engineer        Sourcefire Inc.
                 Vulnerability Research Team

In an emergency situation involving two or more officers of equal rank,
seniority will be granted to whichever officer can program a vcr.



