Syntax error in SID 9000

Thread: Syntax error in SID 9000

Search this list only Search all lists
Syntax error in SID 9000
	2008-03-17 19:00:47

I guess since we are the only ones in planet earth not using snort v2.8 we are the only ones effected by these but in any case. content:";\|0d 0a\|Host: "; Should be: content:"\|0d 0a\|Host: "; Escape the colon. -- Jon Scheidell >\|SECNAP Network Security This email has been scanned and certified safe by SpammerTrap™. For Information please see www.spammertrap.com
Re: Syntax error in SID 9000
	2008-03-17 19:26:37
Quoting Jonathan Scheidell <jscheidellsecnap.net>: > I guess since we are the only ones in planet earth not using snort v2.8 we > are the only ones effected by these but in any case. the 2.8 users are even more seriously affected, because the rule is just silently dropped during parsing. much more insidious. the 2.6 user at least knows when there is a problem and can do something about it. jp -- Framework? I don't need no stinking framework! ------------------------------------------------------------ ---- fferent Security Labs: Isolate/Insulate/Innovate http://www.afferentse curity.com _______________________________________________ Bleeding-sigs mailing list Bleeding-sigsbleedingthreats.net http://lists.bleedingthreats.net/cgi-bin/ mailman/listinfo/bleeding-sigs

Re: Syntax error in SID 9000
	2008-03-17 23:14:37
That is an EXTREMELY annoying 'feature' of 2.8. Fixed, thanks! Matt Jonathan Scheidell wrote: > I guess since we are the only ones in planet earth not using snort v2.8 > we are the only ones effected by these but in any case. > content:"\|0d 0a\|Host: "; > > Should be: > content:"\|0d 0a\|Host: "; > > Escape the colon. > > -- > Jon Scheidell >>\|SECNAP Network Security > > > > ------------------------------------------------------------ ------------ > This email has been scanned and certified safe by SpammerTrap™. > For Information please see www.spammertrap.com <http://www.spammertrap .com> > ------------------------------------------------------------ ------------ > > > ------------------------------------------------------------ ------------ > > _______________________________________________ > Bleeding-sigs mailing list > Bleeding-sigsbleedingthreats.net > http://lists.bleedingthreats.net/cgi-bin/ mailman/listinfo/bleeding-sigs -- -------------------------------------------- Matthew Jonkman Emerging Threats Phone 765-429-0398 Fax 312-264-0205 http://www.emergingthr eats.net -------------------------------------------- PGP: http://www.jo nkmans.com/mattjonkman.asc _______________________________________________ Bleeding-sigs mailing list Bleeding-sigsbleedingthreats.net http://lists.bleedingthreats.net/cgi-bin/ mailman/listinfo/bleeding-sigs

[1-3]

about | contact Other archives ( Real Estate discussion Medical topics )