[Snort-users] fast pattern matcher and http_cookie?
eoin.miller at ...14586...
Fri Dec 30 12:40:35 EST 2011
Have some signatures that are poor performers due to looking for strings
that are within the http_cookie. Further reading of the manual stats
that the fast pattern matcher is not going to work with http_cookie
content modifiers. Seems kind of weird that you can use things like
http_uri with the fast pattern matcher, but you can't use http_cookie?
More information about the Snort-users