[Snort-users] IDS484 error
vision at ...4...
Fri Mar 2 10:38:28 EST 2001
Sorry that slipped through. Insufficient sleep :) Fixed now.
On Fri, 2 Mar 2001, Joshua Fritsch wrote:
> AAAAGGGGHHHH!!! Don't make me think in hex! :)
> Snort dies when I add this rule:
> alert TCP $INTERNAL 2589 -> $EXTERNAL 1024: (msg:
> "IDS484/trojan-active-dagger_1.4.0"; flags: A+; content:
> "3200000006000000|Drives|2400|"; depth: 16;)
> Here's the error from /var/log/messages:
> Mar 2 09:41:08 foo snort: ERROR Line 25 => What is this "r"(0x72) doing in
> your binary buffer? Valid hex values only please! (0x0 - 0xF) Position: 18
> Rule taken from:
More information about the Snort-users