|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Aditya_at_directnet.com.br
Date: Tue Dec 03 2002 - 18:21:55 CST
Hi friends
I need to capture two contents, one content depends on the other....
like this
alert tcp any any -> 192.168.1.0/24 80
(content: "|AB432CDEF|";content: " |1AC2FEB345|";depth: 5;
msg: "malicious activity")
Only the combination of these two generate malicious activity
Any ideas?
Aditya
INPE ( Brazilian Space Research Institute)
Networking&Information Security Group
-------------------------------------------------------
This SF.net email is sponsored by: Microsoft Visual Studio.NET
comprehensive development tool, built to increase your
productivity. Try a free online hosted session at:
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en
_______________________________________________
Snort-users mailing list
Snort-users
lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]