[Snort-sigs] byte_extract included on last snort v2.9.0.x!

Patrick Mullen pmullen at ...435...
Mon Apr 25 09:24:37 EDT 2011


> First, thank you Snort and SF Team for enhancing the IDS and IPS world.
> Second, the latest Snort v2.9.0.x included a "new" byte_extract keyword.

I'm glad you're excited about the new byte_extract feature.  It is a
huge addition that removes the need for several of our SO rules since
a lot of times an SO is needed simply because we need to operate on a
size within the payload.

Please note that the byte_extract from 2003 was an SO interface for
reading a value from a packet into memory while the byte_extract
plaintext rule keyword is brand new and it's for grabbing data from a
packet and using it in other rule options.


~Patrick
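
Added example, not part of the original message and not a rule from Sourcefire or the Snort rule set: two plaintext rules that use the byte_extract keyword to pull a size or offset out of the payload and reuse it in other rule options. The protocol layout, port 9999, variable names, messages and sids are all constructed for illustration.

```snort
# Constructed protocol "DEMO" on TCP port 9999 (an assumption, not a real service):
#   bytes 0-3  magic "DEMO"
#   bytes 4-5  total message length   (big endian)
#   bytes 6-7  length of first record (big endian)
#
# Rule 1: a record length larger than the total length is inconsistent.
# byte_extract stores the 2-byte total length in the variable total_len,
# and byte_test compares the record length at offset 6 against it.
alert tcp $EXTERNAL_NET any -> $HOME_NET 9999 ( \
    msg:"EXAMPLE DEMO record length exceeds total length"; \
    flow:to_server,established; \
    content:"DEMO"; depth:4; \
    byte_extract:2,4,total_len; \
    byte_test:2,>,total_len,6; \
    classtype:protocol-command-decode; \
    sid:1000001; rev:1;)

# Second constructed layout for the same service:
#   bytes 0-3  magic "DEMO"
#   byte  4    offset of a name field from the start of the payload
#   byte  5    length of that name field
#
# Rule 2: look for a NUL byte only inside the name field. Both the
# starting offset and the search depth come from the packet itself.
alert tcp $EXTERNAL_NET any -> $HOME_NET 9999 ( \
    msg:"EXAMPLE DEMO NUL byte inside name field"; \
    flow:to_server,established; \
    content:"DEMO"; depth:4; \
    byte_extract:1,4,name_off; \
    byte_extract:1,5,name_len; \
    content:"|00|"; offset:name_off; depth:name_len; \
    classtype:protocol-command-decode; \
    sid:1000002; rev:1;)
```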



