[Snort-users] FW: uricontent vs. content

Chris Green cmg at ...950...
Wed Oct 30 14:50:06 EST 2002


"larosa, vjay" <larosa_vjay at ...3331...> writes:

> From: "larosa, vjay" <larosa_vjay at ...3331...>
> Subject: [Snort-users] FW: uricontent vs. content
> To: "'snort-users at lists.sourceforge.net'" <snort-users at lists.sourceforge.net>
> Date: Wed, 30 Oct 2002 15:20:18 -0500
>
> Hello,
>
> Anybody have any ideas on this post I made last night? Thanks!
>

I'm betting its because
GET
/default ida?XXXXX  is pushed through as 2 packets instead
and that the dsize check is not true for stream packets.

I'm having Brian remove that and I'll go and make sure that
distance/within works correctly before 1.9.1...
-- 
Chris Green <cmg at ...1935...>
 "Not everyone holds these truths to be self-evident, so we've worked
                  up a proof of them as Appendix A." --  Paul Prescod




More information about the Snort-users mailing list