[Snort-users] New Vision Rule Problems (not?)
mike at ...92...
Sun Aug 20 00:20:43 EDT 2000
> Seems like this is particular to the win32 version. I looked at the diff
> between Marty's rules.c from 1.6.3 versus the rules.c of the win32 1.6,
> 220.127.116.11, and 1.6.3 and didn't see anthing that would cause this.
> Any ideas? :)
It does not seem to effect only the WIN32 version. I have tried it on
FreeBSD 4.0-RELEASE, Linux 2.0.38 and Win32. All were version 1.6.3 and all
have the problem.
The exact line I used to test was the following:
alert TCP any any -> any 80 (msg: "IDS305/web-IIS view source via Translate
header"; content: "Translate: F"; nocase; flags: AP;)
I would debug the problem, however, I have about 5000 other things that
customers, family, etc are making a little more important :)
Chief Technical Officer
Data Nerds, LLC.
> On Sat, 19 Aug 2000, Sean C Doherty wrote:
> > Max,
> > >
> > > Can people who have had problems please send me (or the list) the
> > > of Snort that you are using when you see the "content quotation" error
> > > message?
> > >
> > I am running the Win32 1.6.3 version of snort and have the ":' problem
> > The fix posted by Jim i.e. replacing the colon with |3a| worked real
> > thanks Jim!
> > Sean D
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
More information about the Snort-users