[Snort-sigs] Newbie knucklehead can't get a custom rule to alert

Nigel Houghton nigel at ...435...
Wed Jun 23 15:51:04 EDT 2004

On  0, tony at ...2576... allegedly wrote:
> Yes I am, there are several packets that go through as part of a complete
> request and response, I am interested in the one particular packet that
> has "evil_hacker_string" in it.
> Please note the things I've tried included changing and omitting the flow
> portion of the rule.

Is it possible for you to give us more information on how you are
generating the traffic and/or if possible, send a tcpdump packet capture of
your generated traffic?

Nigel Houghton       Research Engineer        Sourcefire Inc.
                 Vulnerability Research Team

In an emergency situation involving two or more officers of equal rank,
seniority will be granted to whichever officer can program a vcr.
