[Snort-devel] Snort 2.0 rule type possible side effect bug

Erek Adams erek at ...835...
Tue Jun 10 06:47:10 EDT 2003


On Tue, 10 Jun 2003, Nils Ulltveit-Moe wrote:

> We have found a problem in Snort 2.0 that seems to cause a side effect
> between a broad ranged alert rule, that is narrowed by a following
> pass rule in combination with arbitrary other rules, as shown in the
> example rule set below. This side effect did not occur in Snort 1.9.1.

[...snip...]

I'm guessing this was with the release version of 2.0.  If so, please grab
the current CVS version [0] .  There was a recent (2-3 days ago) changes
to how pass rules were handled.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://www.snort.org/dl/snapshots/snort-current.tar.gz




More information about the Snort-devel mailing list