Re: Bad range in Snort rules

[Lukas Matt <lukas.matt () sophos com>]

Hi Alex, why do you removed them? I mean it is only a little change 
necessary to make them work correctly.

Regards,
Lukas


On 01/13/2014 03:24 PM, Alex McDonnell wrote:
> Hi Lukas.
>
> The rules in question were deleted the 13th of december and went out 
> in SEU: 1018 Date: 2013-12-17
>
> thanks
> Alex McDonnell
> VRT
>
>
> On Mon, Jan 13, 2014 at 8:52 AM, Lukas Matt <lukas.matt () sophos com 
> <mailto:lukas.matt () sophos com>> wrote:
>
>     Hi all, was there some progress regarding the bad range while
>     Christmas?
>
>     Cheers,
>     Lukas
>
>
>     On 12/16/2013 06:00 PM, Joel Esler (jesler) wrote:
> >     Lukas, yes, this will be fixed in an upcoming release.
> >
> >     --
> >     *Joel Esler*
> >     Intelligence Lead
> >     OpenSource Manager
> >     Vulnerability Research Team
> >     Jabber: jesler () cisco com <mailto:jesler () cisco com>
> >
> >     On Dec 16, 2013, at 5:12 AM, Lukas Matt <lukas.matt () sophos com
> >     <mailto:lukas.matt () sophos com>> wrote:
> >
> > >     Hey guys,
> > >
> > >     I ran into following error message "Bad range: 4294967296"
> > >     That affect rule 28519 and 28514. The problem here is following
> > >     part:
> > >
> > >         byte_test:4,>,4294967296,18,relative,little;
> > >
> > >     Under 32bit the maximum Int is 2^32-1 but in the rule you forgot
> > >     to subtract 1.
> > >     I checked also the documentation and the maximum for your
> > >     byte_test is 4294967295.
> > >
> > >     Could you double check that?
> > >
> > >     Cheers,
> > >     Lukas
> > >
> > >
> > >     -- 
> > >     Lukas Matt
> > >     Deep Packet Inspection Researcher, RnD
> > >
> > >     tel:+49-721-25516-322  <tel:%2B49-721-25516-322>, cell:+49-174-3440-555  <tel:%2B49-174-3440-555>
> > >
> > >     Sophos Technology GmbH
> > >     Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany
> > >
> > >     SOPHOS Security made simple
> > >
> > >     ---
> > >     Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658
> > >     Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany
> > >     Executive Board: Nicholas Bray, Pino von Kienlin, Richard Walford, Joachim Frost, Günter Junk
> > >     ------------------------------------------------------------------------------
> > >     Rapidly troubleshoot problems before they affect your business.
> > >     Most IT
> > >     organizations don't have a clear picture of how application
> > >     performance
> > >     affects their revenue. With AppDynamics, you get 100% visibility
> > >     into your
> > >     Java,.NET, & PHP application. Start your 15-day FREE TRIAL of
> > >     AppDynamics Pro!
> > >     
> > > http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk_______________________________________________
> > >     Snort-sigs mailing list
> > >     Snort-sigs () lists sourceforge net
> > >     <mailto:Snort-sigs () lists sourceforge net>
> > >     https://lists.sourceforge.net/lists/listinfo/snort-sigs
> > >     http://www.snort.org
> > >
> > >
> > >     Please visit http://blog.snort.org for the latest news about Snort!
>
>
>     -- Lukas Matt Deep Packet Inspection Researcher, RnD tel:
>     +49-721-25516-322 <tel:%2B49-721-25516-322>, cell:
>     +49-174-3440-555 <tel:%2B49-174-3440-555>
>
>
>     Sophos Technology GmbH
>     Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany
>
>     SOPHOS Security made simple
>
>     ---
>     Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658
>     Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany
>     Executive Board: Nicholas Bray, Pino von Kienlin, Joachim Frost, Günter Junk
>
>
>     ------------------------------------------------------------------------------
>     CenturyLink Cloud: The Leader in Enterprise Cloud Services.
>     Learn Why More Businesses Are Choosing CenturyLink Cloud For
>     Critical Workloads, Development Environments & Everything In Between.
>     Get a Quote or Start a Free Trial Today.
>     http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>     _______________________________________________
>     Snort-sigs mailing list
>     Snort-sigs () lists sourceforge net
>     <mailto:Snort-sigs () lists sourceforge net>
>     https://lists.sourceforge.net/lists/listinfo/snort-sigs
>     http://www.snort.org
>
>
>     Please visit http://blog.snort.org for the latest news about Snort!


--
Lukas Matt
Deep Packet Inspection Researcher, RnD

tel: +49-721-25516-322, cell: +49-174-3440-555

Sophos Technology GmbH
Amalienbadstr. 41/Bau 52, 76227 Karlsruhe, Germany

SOPHOS Security made simple

---
Sophos Technology GmbH, Commercial Register: Mannheim HRB 712658
Headquarter Location: Amalienbadstr. 41/Bau 52 | 76227 Karlsruhe | Germany
Executive Board: Nicholas Bray, Pino von Kienlin, Joachim Frost, Günter Junk

------------------------------------------------------------------------------
CenturyLink Cloud: The Leader in Enterprise Cloud Services.
Learn Why More Businesses Are Choosing CenturyLink Cloud For
Critical Workloads, Development Environments & Everything In Between.
Get a Quote or Start a Free Trial Today. 
http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
http://www.snort.org


Please visit http://blog.snort.org for the latest news about Snort!