[Snort-sigs] byte_extract included on last snort v2.9.0.x!
pmullen at ...435...
Mon Apr 25 09:24:37 EDT 2011
> First, Thx you snort and SF Team for enhancing ids and ips world.
> Second, last snort v2.9.0.x included a "new" byte_extract keyword.

I'm glad you're excited about the new byte_extract feature. It is a
huge addition that removes the need for several of our SO rules since
a lot of times an SO is needed simply because we need to operate on a
size within the payload.

Please note that the byte_extract from 2003 was an SO interface for
reading a value from a packet into memory while the byte_extract
plaintext rule keyword is brand new and it's for grabbing data from a
packet and using it in other rule options.
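
The idea described in the message above (grab a size from the packet, then use it in another rule option) as an added example that is not part of the original post and is not Snort code. It is a toy Python model; the "REQ" protocol, the payloads, the function names, and the cursor handling after the read are assumptions made for illustration.

```python
# Toy model (not Snort code) of a byte_extract value feeding a later option.
# Modeled options, for a constructed protocol "REQ" | u16 name_len | name | verb:
#   content:"REQ"; byte_extract:2,0,name_len,relative;
#   content:"EXEC"; distance:name_len; within:4;

def byte_extract(payload, nbytes, offset, cursor, endian="big"):
    """Read an unsigned integer relative to cursor.
    Returns (value, new_cursor), or None if the read would leave the payload."""
    start = cursor + offset
    end = start + nbytes
    if start < 0 or end > len(payload):
        return None
    # Assumption of this model: the cursor ends up just past the bytes read.
    return int.from_bytes(payload[start:end], endian), end

def content(payload, needle, cursor=0, distance=0, within=None):
    """Find needle starting at cursor+distance; with `within`, the whole needle
    must fit in that many bytes. Returns the cursor after the match, or None."""
    start = cursor + distance
    if start > len(payload):
        return None
    stop = len(payload) if within is None else min(len(payload), start + within)
    idx = payload.find(needle, start, stop)
    return None if idx < 0 else idx + len(needle)

def rule_matches(payload):
    cursor = content(payload, b"REQ")
    if cursor is None:
        return False
    extracted = byte_extract(payload, 2, 0, cursor)
    if extracted is None:
        return False  # length field is missing or truncated
    name_len, cursor = extracted
    # The extracted size is reused as the distance of the next content match.
    return content(payload, b"EXEC", cursor, distance=name_len, within=4) is not None

# Constructed sample payloads.
HIT = b"REQ" + (5).to_bytes(2, "big") + b"alice" + b"EXEC"
MISS_VERB = b"REQ" + (5).to_bytes(2, "big") + b"alice" + b"READ"
VERB_IN_NAME = b"REQ" + (4).to_bytes(2, "big") + b"EXEC" + b"READ"
LYING_LEN = b"REQ" + (500).to_bytes(2, "big") + b"alice" + b"EXEC"
TRUNCATED = b"REQ\x00"
```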