[Snort-sigs] Bad range in Snort rules

Alex McDonnell amcdonnell at ...435...
Mon Jan 13 09:24:13 EST 2014


Hi Lukas.

The rules in question were deleted the 13th of december and went out in
SEU: 1018 Date: 2013-12-17

thanks
Alex McDonnell
VRT


On Mon, Jan 13, 2014 at 8:52 AM, Lukas Matt <lukas.matt at ...525...> wrote:

>  Hi all, was there some progress regarding the bad range while Christmas?
>
> Cheers,
> Lukas
>
>
> On 12/16/2013 06:00 PM, Joel Esler (jesler) wrote:
>
> Lukas, yes, this will be fixed in an upcoming release.
>
>  --
> *Joel Esler*
> Intelligence Lead
> OpenSource Manager
> Vulnerability Research Team
> Jabber: jesler at ...3865...
>
>  On Dec 16, 2013, at 5:12 AM, Lukas Matt <lukas.matt at ...525...> wrote:
>
>  Hey guys,
>
> I ran into following error message "Bad range: 4294967296"
> That affect rule 28519 and 28514. The problem here is following part:
>
> byte_test:4,>,4294967296,18,relative,little;
>
> Under 32bit the maximum Int is 2^32-1 but in the rule you forgot to
> subtract 1.
> I checked also the documentation and the maximum for your byte_test is
> 4294967295.
>
> Could you double check that?
>
> Cheers,
> Lukas
>
>
> --
> Lukas Matt
> Deep Packet Inspection Researcher, RnD
>
> tel: +49-721-25516-322, cell: +49-174-3440-555
>
> Sophos Technology GmbH
> Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany
>
> SOPHOS Security made simple
>
> ---
> Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658
> Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany
> Executive Board: Nicholas Bray, Pino von Kienlin, Richard Walford, Joachim Frost, Günter Junk
>
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT
> organizations don't have a clear picture of how application performance
> affects their revenue. With AppDynamics, you get 100% visibility into your
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
> Pro!
>
> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk_______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
>
>
>
> --
> Lukas Matt
> Deep Packet Inspection Researcher, RnD
>
> tel: +49-721-25516-322, cell: +49-174-3440-555
>
>
> Sophos Technology GmbH
> Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany
>
> SOPHOS Security made simple
>
> ---
> Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658
> Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany
> Executive Board: Nicholas Bray, Pino von Kienlin, Joachim Frost, Günter Junk
>
>
>
> ------------------------------------------------------------------------------
> CenturyLink Cloud: The Leader in Enterprise Cloud Services.
> Learn Why More Businesses Are Choosing CenturyLink Cloud For
> Critical Workloads, Development Environments & Everything In Between.
> Get a Quote or Start a Free Trial Today.
>
> http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> http://www.snort.org
>
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20140113/6deccddd/attachment.html>


More information about the Snort-sigs mailing list