[Snort-users] Rules with SDF options cannot have other detection options in the same rule
wkitty42 at ...14940...
Tue Feb 1 21:29:17 EST 2011
On 2/1/2011 11:27, Michael Scheidell wrote:
> when compiling snort WITHOUT flexresp3, SDF rules will fail:
FWIW: i have had to completely disable or suppress the sensitive data rules for
the networks i maintain... they false waaaaaaaay too much... especially where
serialized URLs are used (ie: forum traffic)... the main culprit being "SSNs
without dashes" but "SSNs with dashes" also failed quite a lot on traffic that
had serialized transactions where dashes were used in the numbers...
More information about the Snort-users