Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Documentation Search

     
     

    Example: Using the Same Context Constraint with Compound Attack Objects

    With compound attack objects, you can use the same context constraint to require selected signature members to be found in the same context instance (in any order). You can specify up to 32 signature members.

    Protocol anomaly members are not selectable and are not a component of this constraint.

    Suppose you design a compound attack with service context ftp-filename, and you enable this restraint. The pattern for member 1 is test; the pattern for member 2 is hello. A user opens an FTP session and requests files test.txt and hello.txt. Each file transfer is occurs in its own context–not within the same context instance–so the FTP session does not trigger this attack object. Instead, consider what happens when the user requests a file named test-hello.txt. In this case, both members are found in a single context instance, so the FTP session is a match.

     
     

    Published: 2011-02-08