[Snort-users] Disablesid not working

JJ Cummings cummingsj at ...11827...
Thu Oct 14 14:05:57 EDT 2010

I'll have to look, but I bet they those are flowbits:set rules that are dependencies of other ruled, and are thusly turned back on... Might be a use case for modifysid and adding a flowbits:noalert etc...

Sent from the iRoad

On Oct 14, 2010, at 13:19, Mike Kun <mkun at ...6382...> wrote:

> I'm having an issues where some of the rules in my disablesid file are
> not working.
> It's not that the contents of the file aren't being read, only that some
> signatures continue to fire.
> Fir example, I have a list of sids:
> 1:408,1:384,1:449,1:402,1:483,1:485,1:486,1:401,1:366,1:368,1:384,1:385,1:466
> but 1-466 will fire.
> I have reran pulledpork and then stopped and restarted barnyard2 and snort.
> ------------------------------------------------------------------------------
> Beautiful is writing same markup. Internet Explorer 9 supports
> standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
> Spend less time writing and  rewriting code and more time creating great
> experiences on the web. Be a part of the beta today.
> http://p.sf.net/sfu/beautyoftheweb
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list