[Snort-users] Pulledpork doesn't disable some rules

waldo kitty wkitty42 at ...14940...
Mon Apr 14 13:11:01 EDT 2014


On 4/14/2014 3:32 AM, C. L. Martinez wrote:
> Cleanup....
> removed 55 temporary snort files or directories from /tmp/tha_rules!
> Processing /data/config/etc/idpsuricata02/pulledpork/disablesid.conf....
> Disabled 1:2009005
> Disabled 1:2011582
> Modified 2 rules
> Done
> Setting Flowbit State....
> WARN - 1:2011582 is re-enabled by a check of the
> ET.http.javaclient.vulnerable flowbit!
[...]
> Uhmm .. How can I avoid this situation??

disable the rules that rely on that flowbit as well as the rule(s) that set it...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list