Snort mailing list archives
Re: Feature request: isdataat ability in specific (preprocessor) buffers
From: Bad Horse <b4dh0rs3 () gmail com>
Date: Wed, 23 Oct 2013 13:07:35 -0400
Hi Joe, sorry for the late response. I appreciate you Sourcefire guys (or is it Cisco now?) looking at this. I have to be honest here ... I have been following this list and/or contributing to the other Snort/I[DP]S mailing lists for many years. It seems that almost everytime there is a valid bug or feature request, you respond with a vague reference to, "the next big thing", or "coming soon", or "exciting new enhancements", etc. that will solve all problems. These replies are, for the most part, unpalatable. I am not in any way disagreeing with what you say or arguing that such claims do not come true. What I am (more) concerned about is the fact that the promise of future fixes highly stinks like pedestrian vendors trying to save face and make a "buck" wherever they can ... I worry that now that Sourcefire is owned by Cisco, they will become even more vendor-odorous (not to mention odious in terms of timely open source bug fixes/enhancements) and lose the flexibility to properly respond to customer needs. I am thankful for the FR and hope to see the requested functionality in a near-future release. Thanks again. -Sad Horse The Thoroughbred of SYN On Fri, Oct 18, 2013 at 11:29 AM, Joel Esler <jesler () sourcefire com> wrote:
After looking into it with some help from Development, they pointed me to a bug where we have that as a feature enhancement already, it's contingent upon something much bigger, but we have the FR tracked. Thanks. On Fri, Oct 18, 2013 at 7:14 AM, Bad Horse <b4dh0rs3 () gmail com> wrote:Sure, the one I didn't see working was http_uri. I assumed that theotherbuffers for the http_inspect preprocessor didn't work for "isdataat" aswelland if the "http_*" buffers weren't able to be used for "isdataat", I figured that the other preprocessor buffers weren't recognized too.Testedon Snort 2.9.1 and Snort 2.9.3. Thanks. -B4d H0rs3 The Thoroughbred of SYN On Fri, Oct 18, 2013 at 9:54 AM, Joel Esler <jesler () sourcefire com>wrote:Is there a buffer that doesn't work that you've noticed? Sent from my iPhone On Oct 18, 2013, at 6:42, Bad Horse <b4dh0rs3 () gmail com> wrote: This is a feature request to have Snort include the capability to usethe'isdataat' keyword for specific (preprocessor) buffers (e.g. http_uri, http_header, etc.). Thanks. -B4d H0rs3 The Thoroughbred of SYN------------------------------------------------------------------------------October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts andregister >http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!-- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Feature request: isdataat ability in specific (preprocessor) buffers Bad Horse (Oct 18)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Joel Esler (Oct 18)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Bad Horse (Oct 18)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Joel Esler (Oct 18)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Bad Horse (Oct 23)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Joel Esler (Oct 23)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Bad Horse (Oct 23)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Bad Horse (Oct 18)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Joshua Kinard (Oct 24)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Joel Esler (Oct 18)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Joshua Kinard (Oct 24)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Joel Esler (Oct 24)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers L0rd Ch0de1m0rt (Nov 06)
- Re: Feature request: isdataat ability in specific (preprocessor) buffers Joel Esler (Nov 07)