[Snort-users] new keyword.

Fyodor fygrave at ...121...
Tue Aug 29 14:54:45 EDT 2000


Just FYI:

  Erich Meier submitted `tos' keyword support. Committed to cvs.

Index: RULES.SAMPLE
===================================================================
RCS file: /cvsroot/snort/snort/RULES.SAMPLE,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -r1.1.1.1 -r1.2
*** RULES.SAMPLE	2000/08/07 02:41:28	1.1.1.1
--- RULES.SAMPLE	2000/08/29 18:45:46	1.2
***************
*** 444,445 ****
--- 444,455 ----
  preprocessor minfrag: 128
  
+ 
+ ##################
+ # NEW KEYWORD: tos
+ ##################
+ 
+ #
+ # This keyword plugin intorduces `tos' keyword which checks
+ # value against IP tos headers.
+ #
+ 
+ alert tcp $EXTERNAL any -> $INTERNAL any (tos: 201; msg: "Bubonic attack";)






More information about the Snort-users mailing list