[Snort-sigs] [Emerging-Sigs] Errors with the Snort manual

evilghost at ...3397... evilghost at ...3397...
Thu Feb 18 14:58:35 EST 2010


You are absolutely correct, this has been resolved in the 2.8.5.1 
manual.  Evidently I did report it after all (couldn't remember) or it 
was resolved without my reporting.  Thanks Joel.

-evilghost

Joel Esler wrote:
> Evilghost,
>
> I have to go off of the current version of the manual, as we put out 
> corrections and additions to the manual with every version of Snort.
>
> I am looking at the 2.8.5.1 version that is currently on Snort.org, 
> the REGEX in 3.5.6 reads:
> "/ABC.{1}DEF/" and the example is (content:"ABC"; content:"DEF"; 
> distance:1;).  
> This is correct.
>
> In 3.5.7 it says "This rule constrains the search of EFG to not go 
> past 10 bytes past the ABC match."
>
> The example is (content:"ABC"; content:"EFG"; within:10;) -- which is 
> correct.
>
> As for there being no "D".  There is nothing mentioned about the letter D.
>
> J
>
> On Thu, Feb 18, 2010 at 2:37 PM, evilghost at ...3397... 
> <mailto:evilghost at ...3397...> <evilghost at ...3397... 
> <mailto:evilghost at ...3397...>> wrote:
>
>     Hello,
>
>     There was a discussion on ET about some errors in the Snort manual.  I
>     cannot remember if I reported these or not.  The Snort 2.8.4 manual
>     appears to be inaccurate or wrong in a few places, specifically:
>
>     Page #114, section 3.5.6, the REGEX used to explain figure 3.16 is
>     incorrect.
>     Page #114, section 3.5.7, the "10 bytes past the ABCDE match" verbiage
>     is incorrect, there is no "D" in figure 3.17 nor is the explanation of
>     figure 3.17 correct.
>
>     I did not check 2.8.5 but I assume these may persist there as well.
>
>     Thanks
>     -evilghost
>
>     _______________________________________________
>     Emerging-sigs mailing list
>     Emerging-sigs at ...3335...
>     <mailto:Emerging-sigs at ...3335...>
>     http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
>
>     Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs
>     and Lanyards
>     http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html
>
>
>
>
> -- 
> Joel Esler
> 302-223-5974




More information about the Snort-sigs mailing list