[Snort-users] Pulledpork doesn't disable some rules
wkitty42 at ...14940...
Mon Apr 14 13:11:01 EDT 2014
On 4/14/2014 3:32 AM, C. L. Martinez wrote:
> removed 55 temporary snort files or directories from /tmp/tha_rules!
> Processing /data/config/etc/idpsuricata02/pulledpork/disablesid.conf....
> Disabled 1:2009005
> Disabled 1:2011582
> Modified 2 rules
> Setting Flowbit State....
> WARN - 1:2011582 is re-enabled by a check of the
> ET.http.javaclient.vulnerable flowbit!
> Uhmm .. How can I avoid this situation??
disable the rules that rely on that flowbit as well as the rule(s) that set it...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-users