[Snort-sigs] Snort rule for a pattern match?

lists at ...3397... lists at ...3397...
Wed Mar 27 10:55:51 EDT 2013


On 03/27/2013 09:45 AM, Shields, Joseph (NIH/NIEHS) [C] wrote:
> How can I write this rule?

Write the PCRE and I'll write the rule.  You have to use byte_test/byte_extract
or PCRE.  Either way, IHMO, Snort isn't the best place to do this level of
complex packet analysis because it'll be a costly rule.




More information about the Snort-sigs mailing list