[Emerging-Sigs] Gozi/Ordergun/Orderjack sig mod + new

Darren Spruell phatbuckett at gmail.com
Thu Jan 29 17:57:03 EST 2009

On Thu, Jan 29, 2009 at 1:52 PM, Holste, Martin C - DOA
<martin.holste at wisconsin.gov> wrote:
> Also, don't forget that Sourcefire added the http_method modifier so we
> could do:
> content:"GET"; http_method; uricontent:"/forms.cgi";

I think the concern might be requiring a recent enough snort to do the
http_* options (don't recall when that was added, 2.8.3? Pretty

Darren Spruell
phatbuckett at gmail.com

