[Snort-users] content question
petre at ...6894...
Sun Sep 29 01:45:02 EDT 2002
I want to block all dcc sends which contain mp3, avi, mpeg and other large
files, allowing the rest
am I allowd to use a wildcard in the content rule ? I presume not (haven't
tried yet, though).
can I concatenate two/more content rules ?
my content text looks like this: DCC SEND any_file_name.mp3, and I am
interested only in DCC SEND and the extension
Login: petre Name: Petre Bandac
Directory: /home/petre Shell: /bin/bash
Office: -, - Home Phone: -
On since Sun Sep 29 10:12 (EEST) on tty2 1 hour 21 minutes idle
none, for the time being :-)
More information about the Snort-users