[Snort-users] content question

Petre Bandac petre at ...6894...
Sun Sep 29 01:45:02 EDT 2002


I want to block all dcc sends which contain mp3, avi, mpeg and other large 
files, allowing the rest

am I allowd to use a wildcard in the content rule ? I presume not (haven't 
tried yet, though). 

can I concatenate two/more content rules ?

my content text looks like this: DCC SEND any_file_name.mp3, and I am 
interested only in DCC SEND and the extension


thanks,

petre



-- 
Login: petre          			Name: Petre Bandac
Directory: /home/petre              	Shell: /bin/bash
Office: -, -				Home Phone: -
On since Sun Sep 29 10:12 (EEST) on tty2   1 hour 21 minutes idle
No mail.
Plan:

none, for the time being :-)







More information about the Snort-users mailing list