[Snort-users] Part of traffic matching wrong rule

JP Vossen vossenjp at ...8683...
Wed Jun 25 20:04:06 EDT 2003

> Date: Wed, 25 Jun 2003 17:46:33 +0200 (MEST)
> From: Juergen Anthamatten <juergen.anthamatten at ...158...>
> To: andrewb at ...950...
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Part of traffic matching wrong rule
> "Andrew R. Baker" wrote:
> >
> > Juergen Anthamatten wrote:
> > > I have the strange behaviour in snort that part of the traffic is
> > > matching the wrong rule.
> > >
> > [snip]
> > >
> > > Is this a missconfiguration, or ???
> > > TIA for any hints.....
> >
> > There were a few bugs in the released version of Snort 2.0 with regards
> > to rule ordering.  These should all be fixed in the CVS version.  Can
> > you try upgrading and seeing if these alerts go away?
> Thanks!!! Yes, the  CVS version fixed the problem!

This is at least the second or third minor bug I've seen mentioned in this
list where the answer was "use the CVS version."  Yet the CVS page has, in big
red letters at the top:
	"NOTE: These snapshots may be unstable. While these may work most of
the time, these may not be 100% tested and ready for production use. Use at
your own risk."

There is also a lot of good things in the changelog more recent than

When will Snort 2.0.1 (or whatever) be out, and will there (FINALLY) be
Snort.org RPMs?  Chris, Marty???

Waiting with baited breath :-)
JP Vossen, CISSP              |:::======|         jp{at}jpsdomain{dot}org
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
"The software said it requires Windows XP or better, so I installed

More information about the Snort-users mailing list