[Snort-devel] Snort win32 Query - I think I found a bug?
me2_au at ...398...
Thu Mar 21 00:33:03 EST 2002
Snort 1.8 win32 running on W2K Pro
Runs fine, no crashes, just doesn't trigger correctly.
This might be normal / known / intended bahaviour, but is definitely not
in the documents.
I haven't had a chance to test it on the Linux system yet.
When I create a dynamic rule that triggers on TCP to activate a rule
that triggers on UDP I get "an activation rule with no dynamic rules
matched". It works fine if it's UDP triggering UDP or TCP triggering
TCP, but not crossed over. Snort is 1.8 win32
activate udp any any -> any 53 (msg:"test udp
dynamic tcp any any -> any 25 (activated_by:2; count:2; msg:"Test
This fails with "an activation rule with no dynamic rules matched"
However if it UDP triggering UDP or TCP triggering TCP there is no
I am writing dynamic filters for worm detection to trigger on successful
Clariti Pty Ltd
ABN 98 088 389 922
Ph. 07 3872 8333
Fax 07 3257 4020
E-mail: <mailto:paul.young at ...1210...> paul.young at ...1210...
P.O. Box 884
Fortitude Valley, Qld, 4006
Web: www.clariti.net.au <http://www.clariti.net.au/>
This transmission is for the intended addressee only and is confidential
information. If you have received this transmission in error, please
delete it and notify the sender. The contents of this e-mail are the
opinion of the writer only and are not endorsed by Clariti unless
expressly stated otherwise.
Clariti has virus detection in place and makes every reasonable effort
to ensure that this message is free from viruses. However, you should
scan this message and any attachments for viruses. Under no
circumstances will Clariti accept liability for any loss or damage that
may result from your receipt of this message or any attachments.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-devel