06-15-2010 08:26 AM - edited 03-10-2019 05:01 AM
Hi folks
I got a question today that left we thinking and no answer.
Can I, on an IPS 7.x, create a rule that compares data in a HTTP flow?
Example: User send a login request in clear text but the server responds with a different account. A custom packet sniffer app would store the data, extract the login, store it as a variable and then compare it with the response. Easy, but can the IPS do that?
Regards
Fredrik
Solved! Go to Solution.
06-15-2010 08:47 AM
Fredrik;
No, the IPS is not designed to store values for later comparison - it only checks the data in the current flow.
Scott
06-15-2010 08:47 AM
Fredrik;
No, the IPS is not designed to store values for later comparison - it only checks the data in the current flow.
Scott
06-15-2010 10:15 PM
Plain and simple, as I suspected. Thank you.
Regards
Fredrik
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: