Snort mailing list archives
Re: stream5 in dynamic rules
From: Patrick Mullen <pmullen () sourcefire com>
Date: Tue, 9 Sep 2014 10:20:34 -0400
Stream5 is part of your snort config; it has nothing to do with dynamic / shared object rules. Flowbits are supported by shared object rules and is supported by the shared object rule generator at http://labs.snort.org/cgi-bin/sorules.cgi just fine. Where are you seeing this "not supported" message? Thanks, ~Patrick On Tue, Sep 9, 2014 at 7:29 AM, Виталий Щетинин <sch_vitaliy () mail ru> wrote:
Yes! But when i generate dynamic rule, vrt generator write that flowbits not supported! how i can use stram5 in so_rules?? Tue, 9 Sep 2014 07:26:29 -0400 от Joel Esler <jesler () cisco com>: On Tue, Sep 09, 2014 at 08:00:47AM +0400, Виталий Щетинин wrote:Hello! How I can use a stream5 in dynamic rules? can I use a "flowbits" in dynamic rules&Thanks for your email. I believe you will find what you are looking for here: http://manual.snort.org/node470.html -- Joel Esler Open Source Manager Threat Intelligence Team Lead Talos ------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce. Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
-- Patrick Mullen Response Research Manager Sourcefire VRT
------------------------------------------------------------------------------ Want excitement? Manually upgrade your production database. When you want reliability, choose Perforce. Perforce version control. Predictably reliable. http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- stream5 in dynamic rules Виталий Щетинин (Sep 08)
- Re: stream5 in dynamic rules Joel Esler (Sep 09)
- Re: stream5 in dynamic rules Виталий Щетинин (Sep 09)
- Re: stream5 in dynamic rules Patrick Mullen (Sep 09)
- Re: stream5 in dynamic rules Виталий Щетинин (Sep 09)
- Re: stream5 in dynamic rules Joel Esler (Sep 09)