[Snort-sigs] F5 BIG-IP

Y M snort at ...3751...
Fri Feb 10 17:56:23 EST 2017

This FAQ provides good information about Shared Object Rules:



From: eternity336 at ...2420... <eternity336 at ...2420...> on behalf of Joshua Ochsankehl <joshua.ochsankehl at ...2420...>
Sent: Saturday, February 11, 2017 1:50:47 AM
To: Y M
Cc: snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] F5 BIG-IP

Does that mean there is a plugin or process outside of the snort rule inspecting the traffic?

On Fri, Feb 10, 2017 at 4:39 PM, Y M <snort at ...3751...> wrote:
This is a gid:3 signature; a shared object rule. The detection part is a compiled object. What you see is the signature stub.

From: Joshua Ochsankehl <joshua.ochsankehl at ...2420...>
Sent: Saturday, February 11, 2017 1:31:26 AM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] F5 BIG-IP

Snort Talos rules 41547-8 don't contain any content and only have commands within metadata. What is it actually doing?

Joshua "Ox" Ochsankehl
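
An added example, not part of the thread or of the Snort project: a small Python audit that separates gid:3 shared object stubs from text rules in a rules file, which shows why a stub carries no content options of its own. The sample rules and SIDs are constructed placeholders, and the `engine shared, soid` metadata layout is an assumption about how stubs are written.

```python
import re

# Constructed sample rules (placeholders, not taken from any real ruleset).
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"EXAMPLE shared object stub"; sid:1000001; gid:3; rev:1; classtype:attempted-admin; metadata: engine shared, soid 3|1000001;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"EXAMPLE text rule"; flow:to_server,established; content:"/example\;.cgi"; http_uri; sid:1000002; rev:1;)
# alert tcp any any -> any any (msg:"EXAMPLE disabled stub"; sid:1000003; gid:3; rev:2; metadata: engine shared, soid 3|1000003;)
'''

# Rule line, optionally commented out, with the option body inside the parentheses.
RULE_RE = re.compile(r'^\s*(?P<off>#\s*)?(?:alert|log|pass|drop|reject|sdrop)\s+[^()]*\((?P<body>.*)\)\s*$')
# key[:value]; where the value may hold quoted strings and escaped characters.
OPTION_RE = re.compile(r'\s*([\w.]+)\s*(?::\s*((?:"(?:\\.|[^"\\])*"|\\.|[^;"\\])*))?;')
# Options that carry detection logic in a text rule (a subset, enough for this audit).
DETECTION_OPTS = {"content", "uricontent", "pcre", "byte_test", "byte_jump", "isdataat"}

def classify(line):
    """Return a summary of one rule line, or None if the line is not a rule."""
    m = RULE_RE.match(line)
    if not m:
        return None
    info = {"enabled": m.group("off") is None, "gid": 1, "sid": None,
            "soid": None, "inline_detection": []}
    for key, value in OPTION_RE.findall(m.group("body")):
        value = value.strip()
        if key in ("gid", "sid"):
            info[key] = int(value)
        elif key == "metadata":
            # Assumed stub convention: "soid <gid>|<sid>" names the compiled rule.
            so = re.search(r'\bsoid\s+(\d+\|\d+)', value)
            if so:
                info["soid"] = so.group(1)
        elif key in DETECTION_OPTS:
            info["inline_detection"].append(key)
    # gid 1 is the default for text rules; gid 3 marks a shared object rule.
    info["shared_object"] = info["gid"] == 3
    return info

def audit(text):
    """Classify every rule line in a rules file, including disabled ones."""
    return [c for c in map(classify, text.splitlines()) if c]

if __name__ == "__main__":
    for r in audit(SAMPLE_RULES):
        kind = "shared object stub" if r["shared_object"] else "text rule"
        print(r["gid"], r["sid"], kind, r["soid"], r["inline_detection"] or "-")
```

A stub reported with an empty `inline_detection` list depends on the matching compiled module being loaded by the sensor; without it the stub alone inspects nothing.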
