Documentation Search
Example: Using the Same Context Constraint with Compound Attack Objects
With compound attack objects, you can use the same context constraint to require selected signature members to be found in the same context instance (in any order). You can specify up to 32 signature members.
Protocol anomaly members are not selectable and are not a component of this constraint.
Suppose you design a compound attack with service context ftp-filename,
and you enable this restraint. The pattern for member 1 is test; the pattern for member 2 is hello. A user opens an FTP
session and requests files test.txt and hello.txt. Each file transfer
is occurs in its own context–not within the same context instance–so
the FTP session does not trigger this attack object. Instead, consider
what happens when the user requests a file named test-hello.txt. In this case, both members are found in a single context instance,
so the FTP session is a match.
