2017-02-24 48 views
-1

Snort rule: what does something like |01 00 01 00| mean in a TCP packet, in the context of Snort rules?

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"INFO web bug 0x0 gif attempt"; flow:from_server,established; content:"Content-type|3A| image/gif"; nocase; content:"GIF"; nocase; distance:0; content:"|01 00 01 00|"; distance:3; within:4; content:"|2C|"; distance:0; content:"|01 00 01 00|"; distance:4; within:4; classtype:misc-activity; sid:2925; rev:2;) 

From the alert name, I can see that it seems to block receiving HTML code that includes a 0x0 GIF, to avoid bandwidth consumption. I just want to know what |01 00 01 00| is here. Please help me understand the whole rule better.

Answers

0

|01 00 01 00| is the GIF's width and height values.

content:"|01 00 01 00|"; distance:3; within:4; matches the 4 bytes after GIF89a


Good luck~
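To make the answer concrete, here is an added example (not code from the answerer or from the Snort project) that decodes the two width/height pairs the rule keys on and emulates the rule's content/distance/within chain over a constructed HTTP response carrying a 1x1 GIF. The GIF bytes and the HTTP response are constructed for this example; the backtracking in matches_chain is an assumption about how relative contents are retried and is not guaranteed to be identical to Snort's detection engine.

```python
"""Decode the bytes Snort SID 2925 keys on and emulate its content chain.

Added example; the sample GIF and HTTP response below are constructed.
"""
import struct

# Constructed sample: a minimal 1x1 GIF89a.
ONE_BY_ONE_GIF = (
    b"GIF89a"
    + b"\x01\x00\x01\x00"          # logical screen width=1, height=1 (little-endian u16)
    + b"\x80\x00\x00"              # packed flags (global colour table, 2 entries), bg index, aspect
    + b"\x00\x00\x00\xff\xff\xff"  # global colour table: black, white
    + b"\x2c"                      # image descriptor separator ','
    + b"\x00\x00\x00\x00"          # image left, top
    + b"\x01\x00\x01\x00"          # image width=1, height=1
    + b"\x00"                      # packed flags (no local colour table)
    + b"\x02\x02\x44\x01\x00"      # LZW min code size, one data sub-block, terminator
    + b"\x3b"                      # trailer ';'
)

# Constructed server response, i.e. what flow:from_server would inspect.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: image/gif\r\n"
    b"Content-Length: 35\r\n\r\n"
) + ONE_BY_ONE_GIF

# The rule's content chain in order: (pattern, nocase, distance, within).
# distance and within are relative to the end of the previous match.
SID_2925_CHAIN = [
    (b"Content-type: image/gif", True, 0, None),
    (b"GIF", True, 0, None),
    (b"\x01\x00\x01\x00", False, 3, 4),   # skip "89a", then screen width/height
    (b"\x2c", False, 0, None),            # image descriptor separator
    (b"\x01\x00\x01\x00", False, 4, 4),   # skip left/top, then image width/height
]


def _candidates(payload, pattern, nocase, start, within):
    """Yield the end offset of every occurrence of pattern inside the window."""
    end = len(payload) if within is None else start + within
    hay, needle = payload[start:end], pattern
    if nocase:
        hay, needle = hay.lower(), needle.lower()
    i = hay.find(needle)
    while i != -1:
        yield start + i + len(pattern)
        i = hay.find(needle, i + 1)


def matches_chain(payload, chain, pos=0, depth=0):
    """True if every content in the chain matches in order.

    Backtracks to later occurrences of an earlier content when a later
    relative content fails (assumption: approximates Snort's retry logic).
    """
    if depth == len(chain):
        return True
    pattern, nocase, distance, within = chain[depth]
    for end in _candidates(payload, pattern, nocase, pos + distance, within):
        if matches_chain(payload, chain, end, depth + 1):
            return True
    return False


def gif_dimensions(data):
    """Return ((screen_w, screen_h), (image_w, image_h)) from a GIF's header.

    The screen size sits right after the 6-byte signature; the image size sits
    4 bytes (left, top) after the first 0x2C image descriptor separator.
    """
    if data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    screen = struct.unpack_from("<HH", data, 6)
    packed = data[10]
    pos = 13
    if packed & 0x80:                       # global colour table present
        pos += 3 * (2 << (packed & 0x07))   # 2^(N+1) RGB entries
    while data[pos] == 0x21:                # skip extension blocks
        pos += 2
        while data[pos] != 0:
            pos += data[pos] + 1
        pos += 1
    if data[pos] != 0x2C:
        raise ValueError("no image descriptor")
    image = struct.unpack_from("<HH", data, pos + 5)
    return screen, image


if __name__ == "__main__":
    print("dimensions:", gif_dimensions(ONE_BY_ONE_GIF))
    print("SID 2925 would fire:", matches_chain(SAMPLE_RESPONSE, SID_2925_CHAIN))
```

Changing either width/height pair to anything other than 1x1 makes the chain fail, which is why the rule checks both the logical screen size after "GIF89a" and the image descriptor size after the 0x2C separator rather than relying on one of them.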
