[Snort-users] invalid use of byte_test on sid:16603
william.metcalf at ...11827...
Thu Jun 24 12:21:35 EDT 2010
Unless something has changed I think the use of byte_test in sid:16603
is invalid as snort only parses the first char in ">=", actually
making the test byte_test:4,>,97612894,0,relative,little;. Also I have
the registered feed so if this is fixed already please disregard.
So I think you probably want to modify...
More information about the Snort-users