Feature #5446
closed
rules: allow ranges in dns.opcode value
Description
It would be nice to be able to write a single rule looking for a range of opcodes or not looking (excluding) a range of opcodes.
Examples:
alert dns any any -> any any (msg:"dns unassigned opcodes in dns query"; dns.opcode:7-15; sid:123; rev:1;)
alert dns any any -> any any (msg:"dns opcode other than assigned opcode in dns query"; dns.opcode:!1-6; sid:123; rev:1;)
Updated by Victor Julien over 3 years ago
@Philippe Antoine could this somehow be implemented as part of the general detect int work?
Updated by Philippe Antoine almost 3 years ago
- Assignee changed from OISF Dev to Philippe Antoine
Updated by Philippe Antoine almost 3 years ago
- Target version changed from TBD to 8.0.0-beta1
Updated by Philippe Antoine over 2 years ago
- Status changed from New to In Review
Updated by Philippe Antoine about 2 years ago
- Related to Feature #6646: detect: integer: support negated ranges added
Updated by Philippe Antoine about 2 years ago
- Related to Task #6644: tracking: detect: integer as first-class support added
Updated by Philippe Antoine about 2 years ago
- Related to Feature #6723: detect: review existing keywords for usage of enumerations added
Updated by Philippe Antoine about 2 years ago
- Status changed from In Review to Closed
Updated by Victor Julien 12 months ago
- Subject changed from allow ranges in dns.opcode value to rules: allow ranges in dns.opcode value