[Snort-sigs] F5 BIG-IP

Y M snort at ...3751...
Fri Feb 10 17:56:23 EST 2017


This FAQ provides good information about Shared Object Rules:

https://www.snort.org/faq/shared-object-rules

YM


________________________________
From: eternity336 at ...2420... <eternity336 at ...2420...> on behalf of Joshua Ochsankehl <joshua.ochsankehl at ...2420...>
Sent: Saturday, February 11, 2017 1:50:47 AM
To: Y M
Cc: snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] F5 BIG-IP

Does that mean there is a plugin or process outside of the snort rule inspecting the traffic?

On Fri, Feb 10, 2017 at 4:39 PM, Y M <snort at ...3751...> wrote:
This is a gid:3 signature; a shared object rule. The detection part is a compiled object. What you see is the signature stub.

YM
________________________________
From: Joshua Ochsankehl <joshua.ochsankehl at ...2420...>
Sent: Saturday, February 11, 2017 1:31:26 AM
To: snort-sigs at lists.sourceforge.net
Subject: [Snort-sigs] F5 BIG-IP

Snort talos rules 41547-8 don't contain any content and only have commands within metadata.  What is it actually doing?

V/R,
Joshua "Ox" Ochsankehl
