[Snort-sigs] Possible Content Match problem - Was: Re: how can we alert on web visiting activity?
jasonb at ...435...
Thu Nov 19 20:31:52 EST 2009
I would be happy to look into both of these further. The odds are that
it is a configuration / environmental issue so please send me your
snort.conf, local.rules with the example rules in them, and a pcap.
On Thu, Nov 19, 2009 at 3:30 PM, evilghost at ...3397...
<evilghost at ...3397...> wrote:
> NP Joel, the flowbits was a gift. I think our thread about rawbytes was
> Flowbits one was here,
> and a few exchanges there.
> I'll tap out of this thread now since it's getting off-topic. I replied
> only to substantiate my assertion about rawbytes after Nigel rebuked me.
> Joel Esler wrote:
>> Well, I don't know anything about the flowbits problem you are talking
>> But I did ask an email'ed questions to devel about the functionality of
>> rawbytes since there may be some misunderstanding.
>> But I wasn't provided any pcaps or anything of problems...
More information about the Snort-sigs