[Bro] Adding single byte test length on bro

rmkml rmkml at free.fr
Mon Feb 18 01:21:35 PST 2008


Hi,
Adding single byte test length on bro (like byte_test on snort), example:
snort: byte_test:1,>,2,0; (offset:0 {last arg}, search in 1 byte, if it is more than 2)
bro pcre posix sigs: payload /^[\x03-\xff]/
Works only with '<' '>' '=' byte tests (others like &^ do not work) and only checks one byte.
Any comments?
Is anyone adding this option to the snort2bro script?
Regards
Rmkml
Crusoe Researches
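
The conversion described in the message above, as an added example that is not part of the original post or of the snort2bro script. The function name `byte_test_to_bro` is hypothetical, and skipping a non-zero offset with an explicit any-byte class and `{n}` repetition is an assumption about the signature regex dialect.

```python
import re

# Operators that reduce to one contiguous byte range; & and ^ do not.
_RANGES = {
    ">": lambda v: (v + 1, 0xFF),
    "<": lambda v: (0x00, v - 1),
    "=": lambda v: (v, v),
}

def byte_test_to_bro(option):
    """Translate 'byte_test:1,<op>,<value>,<offset>;' into a Bro payload regex.

    Returns None when no byte value can satisfy the test (e.g. '>,255').
    Raises ValueError for anything outside the single-byte <, >, = case.
    """
    m = re.fullmatch(r"\s*byte_test\s*:\s*([^;]+);?\s*", option)
    if not m:
        raise ValueError("not a byte_test option")
    args = [a.strip() for a in m.group(1).split(",")]
    if len(args) < 4:
        raise ValueError("expected count,operator,value,offset")
    count, op, value, offset = args[:4]
    extra = set(args[4:]) - {"big", "little"}  # endianness is moot for 1 byte
    if count != "1" or op not in _RANGES or extra:
        raise ValueError("only 1-byte <, >, = tests without modifiers convert")
    value, offset = int(value), int(offset)    # decimal only in this sketch
    if not 0 <= value <= 0xFF or offset < 0:
        raise ValueError("value must fit in one byte, offset must be >= 0")
    lo, hi = _RANGES[op](value)
    if lo > hi:
        return None                            # the test can never be true
    cls = r"\x%02x" % lo if lo == hi else r"[\x%02x-\x%02x]" % (lo, hi)
    # Assumption: skip <offset> bytes with an explicit any-byte class.
    skip = r"[\x00-\xff]{%d}" % offset if offset else ""
    return "payload /^%s%s/" % (skip, cls)

if __name__ == "__main__":
    # Constructed sample options; the first is the one from the message.
    for opt in ("byte_test:1,>,2,0;", "byte_test:1,=,65,4;", "byte_test:1,<,0,0;"):
        print(opt, "->", byte_test_to_bro(opt))
```

Rules whose test cannot be expressed as a byte range raise an error, so a converter can log them as unconverted rather than emit a signature that matches the wrong traffic.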


