[Snort-users] If this, but not this rules

Jesse Lands cryptograffiti at ...11827...
Tue Nov 24 21:28:43 EST 2009


Not sure if this even possible, but I want to alert on a specific file
header flag, but not if it contains another flag.

Is there a way to write an alert like that?  Not asking for solutions.  If
there is a spot you can reference I can read it.

Thanks
Jesse
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20091124/24fa1b7e/attachment.html>


More information about the Snort-users mailing list