[Snort-sigs] Bad range in Snort rules

Lukas Matt lukas.matt at ...525...
Mon Jan 13 08:52:08 EST 2014


Hi all, was there some progress regarding the bad range while Christmas?

Cheers,
Lukas

On 12/16/2013 06:00 PM, Joel Esler (jesler) wrote:
> Lukas, yes, this will be fixed in an upcoming release.
>
> --
> *Joel Esler*
> Intelligence Lead
> OpenSource Manager
> Vulnerability Research Team
> Jabber: jesler at ...3865... <mailto:jesler at ...3865...>
>
> On Dec 16, 2013, at 5:12 AM, Lukas Matt <lukas.matt at ...525... 
> <mailto:lukas.matt at ...525...>> wrote:
>
>> Hey guys,
>>
>> I ran into following error message "Bad range: 4294967296"
>> That affect rule 28519 and 28514. The problem here is following part:
>>
>>     byte_test:4,>,4294967296,18,relative,little;
>>
>> Under 32bit the maximum Int is 2^32-1 but in the rule you forgot to 
>> subtract 1.
>> I checked also the documentation and the maximum for your byte_test 
>> is 4294967295.
>>
>> Could you double check that?
>>
>> Cheers,
>> Lukas
>>
>>
>> -- 
>> Lukas Matt
>> Deep Packet Inspection Researcher, RnD
>>
>> tel: +49-721-25516-322, cell: +49-174-3440-555
>>
>> Sophos Technology GmbH
>> Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany
>>
>> SOPHOS Security made simple
>>
>> ---
>> Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658
>> Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany
>> Executive Board: Nicholas Bray, Pino von Kienlin, Richard Walford, Joachim Frost, Günter Junk
>> ------------------------------------------------------------------------------
>> Rapidly troubleshoot problems before they affect your business. Most IT
>> organizations don't have a clear picture of how application performance
>> affects their revenue. With AppDynamics, you get 100% visibility into 
>> your
>> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of 
>> AppDynamics Pro!
>> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk_______________________________________________
>> Snort-sigs mailing list
>> Snort-sigs at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>> http://www.snort.org
>>
>>
>> Please visit http://blog.snort.org for the latest news about Snort!
>


-- 
Lukas Matt
Deep Packet Inspection Researcher, RnD

tel: +49-721-25516-322, cell: +49-174-3440-555

Sophos Technology GmbH
Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany

SOPHOS Security made simple

---
Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658
Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany
Executive Board: Nicholas Bray, Pino von Kienlin, Joachim Frost, Günter Junk

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140113/ba749a83/attachment.html>


More information about the Snort-sigs mailing list