Feature #5446
Status: open
allow ranges in dns.opcode value
Description
It would be nice to be able to write a single rule looking for a range of opcodes or not looking (excluding) a range of opcodes.
Examples:
alert dns any any -> any any (msg:"dns unassigned opcodes in dns query"; dns.opcode:7-15; sid:123; rev:1;)
alert dns any any -> any any (msg:"dns opcode other than assigned opcode in dns query"; dns.opcode:!1-6; sid:123; rev:1;)
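The matching semantics requested above, sketched as an added example (not Suricata's code and not part of the original request): it parses a `dns.opcode` value such as `7-15` or `!1-6` and tests it against the opcode extracted from a DNS header. It assumes range bounds are inclusive, as the two example rules read; `OpcodeMatch`, `parse_opcode_spec` and `opcode_from_header` are hypothetical names.

```rust
// Added illustration; all names here are hypothetical, not Suricata's.
#[derive(Debug, PartialEq)]
pub struct OpcodeMatch {
    pub negated: bool,
    pub lo: u8,
    pub hi: u8, // assumption: both bounds inclusive
}

/// Parse "N", "!N", "LO-HI" or "!LO-HI"; the opcode field is 4 bits, so 0..=15.
pub fn parse_opcode_spec(spec: &str) -> Result<OpcodeMatch, String> {
    let s = spec.trim();
    let (negated, body) = match s.strip_prefix('!') {
        Some(rest) => (true, rest),
        None => (false, s),
    };
    let num = |t: &str| -> Result<u8, String> {
        let v: u8 = t.trim().parse().map_err(|_| format!("bad opcode value {:?}", t))?;
        if v > 15 { Err(format!("opcode {} does not fit in 4 bits", v)) } else { Ok(v) }
    };
    let (lo, hi) = match body.split_once('-') {
        Some((a, b)) => (num(a)?, num(b)?),
        None => { let v = num(body)?; (v, v) }
    };
    if lo > hi { return Err(format!("empty range {}-{}", lo, hi)); }
    Ok(OpcodeMatch { negated, lo, hi })
}

impl OpcodeMatch {
    pub fn matches(&self, opcode: u8) -> bool {
        (self.lo..=self.hi).contains(&opcode) != self.negated
    }
}

/// Opcode is bits 11-14 (LSB = bit 0) of the flags word at header bytes 2-3 (RFC 1035).
pub fn opcode_from_header(msg: &[u8]) -> Option<u8> {
    if msg.len() < 12 { return None; } // shorter than a DNS header
    let flags = u16::from_be_bytes([msg[2], msg[3]]);
    Some(((flags >> 11) & 0x0f) as u8)
}

fn main() {
    // Constructed header: ID 0x1234, flags 0x4800 (QR=0, opcode 9), QDCOUNT 1.
    let hdr = [0x12, 0x34, 0x48, 0x00, 0, 1, 0, 0, 0, 0, 0, 0];
    let op = opcode_from_header(&hdr).unwrap();
    for spec in ["7-15", "!1-6", "0"] {
        let m = parse_opcode_spec(spec).unwrap();
        println!("dns.opcode:{} vs opcode {} -> {}", spec, op, m.matches(op));
    }
}
```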