[Snort-sigs] how can we alert on web visiting activity?

Jason Brvenik jasonb at ...435...
Thu Nov 19 14:39:30 EST 2009


Please, everyone, if you have a bug follow the bug reporting process
outlined in the BUGS texts included with the source and attached here
for convenience.

On Thu, Nov 19, 2009 at 2:25 PM, evilghost at ...3397...
<evilghost at ...3397...> wrote:
> It was effectively communicated to Joel Esler who forwarded it to SF
> development.  Flowbits are borked too by the way.
>
> Nigel Houghton wrote:
>> On Thu, Nov 19, 2009 at 2:01 PM, evilghost at ...3397...
>> <evilghost at ...3397...> wrote:
>>
>>> What version of Snort are you using?  I have had issues with content
>>> matching working correctly in the 2.8 branch (as have others at Emerging
>>> Threats), I was able to get content matching to work as expected by
>>> using the rawbytes option.  See section 3.5.3 in the Snort manual.
>>>
>>> content:"ebay"; nocase; rawbytes;
>>>
>>> -evilghost
>>>
>>
>> If you have evidence to support your claim, we would like to see it. A
>> bug report would be good, until then, please refrain from giving
>> "advice" like this. Your recommendation is detrimental to performance.
>>
>>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: BUGS
Type: application/octet-stream
Size: 1891 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20091119/e4b66c70/attachment.obj>


More information about the Snort-sigs mailing list