Snort mailing list archives
Re: F5 BIG-IP
From: Joshua Ox <eternity336 () gmail com>
Date: Fri, 10 Feb 2017 17:18:17 -0600
So I'm going to need to look into that further sounds awesome. How does it work with Source fire? I've never seen an option to add objects like that. On Feb 10, 2017 4:58 PM, "Y M" <snort () outlook com> wrote:
This FAQ provides good information about Shared Object Rule: https://www.snort.org/faq/shared-object-rules YM ------------------------------ *From:* eternity336 () gmail com <eternity336 () gmail com> on behalf of Joshua Ochsankehl <joshua.ochsankehl () gmail com> *Sent:* Saturday, February 11, 2017 1:50:47 AM *To:* Y M *Cc:* snort-sigs () lists sourceforge net *Subject:* Re: [Snort-sigs] F5 BIG-IP Does that mean there is a plugin or process outside of the snort rule inspecting the traffic? On Fri, Feb 10, 2017 at 4:39 PM, Y M <snort () outlook com> wrote:This is a gid:3 signature; a shared object rule. The detection part of a is a compiled object. What you see is the signature stub. YM ------------------------------ *From:* Joshua Ochsankehl <joshua.ochsankehl () gmail com> *Sent:* Saturday, February 11, 2017 1:31:26 AM *To:* snort-sigs () lists sourceforge net *Subject:* [Snort-sigs] F5 BIG-IP Snort talos rules 41547-8 don't contain any content and only have commands within metadata. What is it actually doing? V/R, Joshua "Ox" Ochsankehl ------------------------------------------------------------ ------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!------------------------------------------------------------ ------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- F5 BIG-IP Joshua Ochsankehl (Feb 10)
- Re: F5 BIG-IP Alex McDonnell (Feb 10)
- Re: F5 BIG-IP Y M (Feb 10)
- Re: F5 BIG-IP Joshua Ochsankehl (Feb 10)
- Re: F5 BIG-IP Y M (Feb 10)
- Re: F5 BIG-IP Joshua Ox (Feb 10)
- Re: F5 BIG-IP Geoffrey Serrao (Feb 10)
- Re: F5 BIG-IP Joshua Ochsankehl (Feb 10)