Project

General

Profile

Actions
Copy link

Feature #5446

open

allow ranges in dns.opcode value

Added by Jason Taylor about 1 year ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
Philippe Antoine
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

It would be nice to be able to write a single rule looking for a range of opcodes or not looking (excluding) a range of opcodes.

examples:

alert dns any any -> any any (msg:"dns unassigned opcodes in dns query"; dns.opcode:7-15; sid:123; rev:1;)

alert dns any any -> any any (msg:"dns opcode other than assigned opcode in dns query"; dns.opcode:!1-6; sid:123; rev:1;)

Actions
Copy link
 #1

Updated by Victor Julien about 1 year ago

@Philippe Antoine could this somehow be implemented as part of the general detect int work?

Actions
Copy link
 #2

Updated by Philippe Antoine 4 months ago

  • Assignee changed from OISF Dev to Philippe Antoine
Actions
Copy link
 #3

Updated by Philippe Antoine 3 months ago

  • Target version changed from TBD to 8.0.0-beta1
Actions
Copy link

Also available in: Atom PDF