[Snort-sigs] F5 BIG-IP

Joshua Ochsankehl joshua.ochsankehl at ...2420...
Fri Feb 10 17:50:47 EST 2017


Does that mean there is a plugin or process outside of the snort rule
inspecting the traffic?

On Fri, Feb 10, 2017 at 4:39 PM, Y M <snort at ...3751...> wrote:

> This is a gid:3 signature; a shared object rule. The detection part is a
> compiled object. What you see is the signature stub.
>
> YM
> ------------------------------
> *From:* Joshua Ochsankehl <joshua.ochsankehl at ...2420...>
> *Sent:* Saturday, February 11, 2017 1:31:26 AM
> *To:* snort-sigs at lists.sourceforge.net
> *Subject:* [Snort-sigs] F5 BIG-IP
>
> Snort Talos rules 41547-8 don't contain any content and only have commands
> within metadata. What is it actually doing?
>
> V/R,
> Joshua "Ox" Ochsankehl
>
>
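An added example, not part of the original thread and not Snort's own code: a small Python check that tells a gid:3 shared object stub apart from a self-contained text rule by parsing the rule options. The sample rules and sids are constructed placeholders, and the `engine shared` / `soid` metadata keys are assumed to follow the usual Snort 2 SO stub layout.

```python
# Options that carry detection logic in a plain-text rule.
DETECTION_OPTS = {"content", "uricontent", "pcre", "byte_test",
                  "byte_jump", "byte_extract", "isdataat"}

# Constructed sample rules (placeholder sids, not real Talos rules).
SAMPLE_RULES = [
    r'alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"CONSTRUCTED stub\; no content"; '
    r'sid:1000001; gid:3; rev:1; metadata:engine shared, soid 3|1000001;)',
    r'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"CONSTRUCTED text rule"; '
    r'flow:to_server,established; content:"/example"; http_uri; sid:1000002; rev:1;)',
]

def parse_options(rule):
    """Split the (...) option list into (name, value) pairs, honouring quotes and escapes."""
    body = rule[rule.index("(") + 1:rule.rindex(")")]
    opts, buf, in_quote, escaped = [], [], False, False
    for ch in body:
        if ch == ";" and not in_quote and not escaped:
            name, _, value = "".join(buf).strip().partition(":")
            if name:
                opts.append((name.strip(), value.strip()))
            buf = []
            continue
        buf.append(ch)
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
    return opts

def classify(rule):
    """Report whether a rule is a shared object stub or a self-contained text rule."""
    opts = parse_options(rule)
    first = {}
    for name, value in opts:
        first.setdefault(name, value)
    meta = [m.strip() for n, v in opts if n == "metadata" for m in v.split(",")]
    gid = int(first.get("gid", "1"))  # gid defaults to 1 when the option is absent
    return {
        "sid": int(first["sid"]),
        "gid": gid,
        "kind": "so_stub" if gid == 3 else "text",
        "soid": next((m.split(None, 1)[1] for m in meta if m.startswith("soid ")), None),
        "has_detection_opts": any(n in DETECTION_OPTS for n, _ in opts),
    }

if __name__ == "__main__":
    for r in SAMPLE_RULES:
        print(classify(r))
```

A rule reported as `so_stub` with no detection options only fires when the matching compiled shared object is loaded by the sensor.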