[Snort-users] Rules with SDF options cannot have other detection options in the same rule

waldo kitty wkitty42 at ...14940...
Tue Feb 1 21:29:17 EST 2011


On 2/1/2011 11:27, Michael Scheidell wrote:
> when compiling snort WITHOUT flexresp3, SDF rules will fail:

FWIW: i have had to completely disable or suppress the sensitive data rules for 
the networks i maintain... they false waaaaaaaay too much... especially where 
serialized URLs are used (i.e., forum traffic)... the main culprit being "SSNs 
without dashes" but "SSNs with dashes" also failed quite a lot on traffic that 
had serialized transactions where dashes were used in the numbers...
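
An added illustration of the false-positive problem described above (not part of the original post, and not Snort's SDF code): the two regexes are simplified stand-ins for the "with dashes" and "without dashes" pattern shapes, and the request lines are constructed samples. It shows that digit-pattern matching, even with the structural SSN rules applied, cannot tell a serialized ID in a URL from a real number.

```python
import re

# Simplified stand-ins for the two pattern shapes named in the post.
# Assumption: illustrative regexes only, not Snort's SDF matcher.
SSN_DASHES = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")
SSN_NODASH = re.compile(r"(?<!\d)(\d{3})(\d{2})(\d{4})(?!\d)")


def plausible_ssn(area, group, serial):
    """Structural SSN rules: area not 000/666/9xx, group not 00, serial not 0000."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def classify(line):
    """Return a list of (shape, matched_text, structurally_plausible) tuples."""
    hits = []
    for shape, rx in (("dashes", SSN_DASHES), ("nodash", SSN_NODASH)):
        for m in rx.finditer(line):
            hits.append((shape, m.group(0), plausible_ssn(*m.groups())))
    return hits


# Constructed sample traffic: forum/shop URLs carrying serialized ids.
SAMPLES = [
    "GET /forum/viewtopic.php?t=123456789&sid=ab12 HTTP/1.1",
    "GET /shop/order?txn=412-55-9081&step=2 HTTP/1.1",
    "GET /forum/post.php?p=900123456 HTTP/1.1",
    "GET /forum/index.php?page=2 HTTP/1.1",
]


def summarize(samples=SAMPLES):
    """Pair each sample line with its candidate matches."""
    return [(s, classify(s)) for s in samples]


if __name__ == "__main__":
    for line, hits in summarize():
        print(line)
        for shape, text, ok in hits:
            print(f"  {shape:7} {text:12} plausible={ok}")
```

Only the third sample is ruled out by the structural check; the topic id and the transaction number both survive it, which is why pattern-only detection on this kind of traffic needs tuning or suppression.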




