[Snort-devel] Snort 2.0 rule type possible side effect bug

Esler, Joel Contractor EslerJ at ...2023...
Tue Jun 10 07:20:03 EDT 2003


I have noticed that pass rules don't drop everything, you say this is fixed
now?

J

-----Original Message-----
From: Erek Adams [mailto:erek at ...835...]
Sent: Tuesday, June 10, 2003 9:47 AM
To: num at ...139...
Cc: roesch at ...835...; snort-devel at lists.sourceforge.net;
tech at ...139...; soc at ...139...
Subject: Re: [Snort-devel] Snort 2.0 rule type possible side effect bug


On Tue, 10 Jun 2003, Nils Ulltveit-Moe wrote:

> We have found a problem in Snort 2.0 that seems to cause a side effect
> between a broad ranged alert rule, that is narrowed by a following
> pass rule in combination with arbitrary other rules, as shown in the
> example rule set below. This side effect did not occur in Snort 1.9.1.

[...snip...]

I'm guessing this was with the release version of 2.0.  If so, please grab
the current CVS version [0] .  There was a recent (2-3 days ago) changes
to how pass rules were handled.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://www.snort.org/dl/snapshots/snort-current.tar.gz


-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-devel mailing list
Snort-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel




More information about the Snort-devel mailing list