[Snort-users] New Vision Rule Problems (not?)
Max Vision
vision at ...4...
Sun Aug 20 04:00:00 EDT 2000
On Sat, 19 Aug 2000, Michael Davis wrote:
> It does not seem to effect only the WIN32 version. I have tried it on
> FreeBSD 4.0-RELEASE, Linux 2.0.38 and Win32. All were version 1.6.3 and all
> have the problem.
>
> The exact line I used to test was the following:
>
> alert TCP any any -> any 80 (msg: "IDS305/web-IIS view source via Translate
> header"; content: "Translate: F"; nocase; flags: AP;)
>
Thanks for the clarification - I only suggested that you look at it as I
could personally use this rule in the unix snort distribution 1.6.3 -
but had heard two reports from win32 users that they had trouble (and
had not heard other reports of unix trouble until your email above)
`I am running the Win32 1.6.3 ver... and have the ":' problem` -Sean D
`I am using Snort version 1.6.3 running on Windows NT.` -Brent E
I guess the only odd thing is that it works fine for me under 1.6.3 on
Redhat 6.2. I'll have a look since I seem to be the only person reporting
colons working in content rules working...
thanks!
Max
More information about the Snort-users
mailing list