[Emerging-Sigs] typo in sid 2008187
CunningPike
cunningpike at gmail.com
Tue May 13 01:17:21 EDT 2008
My preference would be for snort to non-silently ignore it :-)
My rule updates are run automatically while I sleep - I'd like snort to
be running when I get into work, but my mail to contain a message saying
that rule <sid> had an error.
:-)
CP
Matt Jonkman wrote:
> Ya, they did with -T. I should be clear though, apparently the decision
> was made somewhere in the last few releases to not have snort complain
> or exit on bad rules. It was a surprise to everyone. I understand both
> ways, I just prefer to have snort SAY something when it hits a bad rule,
> and actually exit, vs silently ignoring it. But my please have landed
> upon deaf ears.
>
> What's everyone else prefer?
>
> Matt
>
> Markus Lude wrote:
>> On Sun, May 11, 2008 at 07:25:49AM -0400, Matt Jonkman wrote:
>>> Good catch, thanks Markus.
>>>
>>> I wish Snort would tell you about this kind of thing....
>> Oddly older versions of snort seems to do this.
>>
>> Regards,
>> Markus
>>
>>> Markus Lude wrote:
>>>> Hello,
>>>> there's a typo in sid 2008187:
>>>>
>>>> content:"|0d 0a|User-Agent:";
>>>> ^
>>>>
>>>> ":" needs to be escaped: "\:".
>>>>
>>>> Regards,
>>>> Markus
>>>> _______________________________________________
>>>> Emerging-sigs mailing list
>>>> Emerging-sigs at emergingthreats.net
>>>> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>> _______________________________________________
>> Emerging-sigs mailing list
>> Emerging-sigs at emergingthreats.net
>> http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
More information about the Emerging-sigs
mailing list