[Snort-sigs] [Emerging-Sigs] Errors with the Snort manual

evilghost at ...3397... evilghost at ...3397...
Thu Feb 18 15:43:21 EST 2010


Joel, can you also add these, as they were discovered in the Snort 
2.8.5.1 manual:

    Escaping colon no longer necessary.

    Disparity in spacing between the keyword and the argument, for 
example, page #126 example 3.5.7 or page #127 example 3.5.10 which 
includes both a space and a no-space after the keyword.  Actually, it 
looks like a good portion of the ABCDEF style matches are like this.  
The usage syntax clearly shows a space.  So which is the convention?  I 
know VRT says "no space" but the manual is all over the map with it's 
examples and usage syntax.

    Page #120, 'kickass-porn' is still present, thought this was removed?

    Page #120, example in section 3.4.7 has the semi-colon outside of 
the close parenthesis, this rule breaks Snort.

    Page #117, hex content match, that's some insane spacing/format there.

    Page #143, RPC example, has an extra semi-colon outside the close 
parenthesis.

There may be more, I really hope this helps.  Thanks!

PS - VRT did you get the ET goodness I had sent to you yet?  Maybe Matt 
Olney can chime in?

-evilghost



Joel Esler wrote:
> Mike,
>
> That's a good point.  (The third example.)
>
> I'll bring that up.
>




More information about the Snort-sigs mailing list