Snort mailing list archives

Strange effect after installing 1.8.2 (1.8.1 did work)


From: "Chr. v. Stuckrad" <stucki () math fu-berlin de>
Date: Mon, 5 Nov 2001 13:58:09 +0100

Hi!

I just compiled and ran snort 1.8.2 and had two surprises:

1) 'Something' does output Packet-Contents (but only contents, no header)
   on the 'terminal' snort is started on!  The old 1.8.1 did not show
   this behaviour.  Is there an 'official change' in snort or a module
   which does define its output in a new way?

2) in the ddos-rules snort-1.8.2 complained about every rule,
   which had a 'msg'-field including a ':' in the quoted string like:

redalert udp $EXTERNAL_NET any -> $HOME_NET 31335 (msg:"DDOS Trin00:DaemontoMaster(messagedetected)"; 
content:"l44";reference:arachnids,186; classtype:attempted-dos; sid:231; rev:1;)

In the same file there is a *working* rule with '\:' instead of ':',
so I changed ALL the rules that way, and it seems to work... 

If somebody has ideas how to change (1), please mail me....

Thanks,   'Stucki'

-- 
Christoph von Stuckrad       * *  | nickname  | <stucki () math fu-berlin de> \
Freie Universitaet Berlin    |/_* | 'stucki'  | Tel(days):+49 30 838-75 459 |
Fachbereich Mathematik, EDV  |\ * | if online | Tel(else):+49 30 77 39 6600 |
Arnimallee 2-6/14195 Berlin  * *  | on IRCnet | Fax(alle):+49 30 838-75454 /
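
The manual change described in point 2 of the message above (rewriting ':' as '\:' inside the quoted msg string) can be scripted; the following is an added example, not part of the original post and not code from the Snort project. It assumes one rule per line and touches only the msg string, as the post describes; the function names and the second sample rule are constructed for illustration.

```python
import re

# msg option and its quoted string; \\. keeps escaped characters (\" or \:)
# from ending the match early.
MSG_RE = re.compile(r'([(;]\s*msg\s*:\s*")((?:\\.|[^"\\])*)(")')

def escape_colons(text):
    """Backslash-escape every ':' that is not already escaped."""
    out, i = [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            out.append(text[i:i + 2])   # keep an existing escape pair as is
            i += 2
            continue
        out.append("\\:" if text[i] == ":" else text[i])
        i += 1
    return "".join(out)

def fix_rule(rule):
    """Return (rule with msg colons escaped, True if anything changed)."""
    fixed = MSG_RE.sub(
        lambda m: m.group(1) + escape_colons(m.group(2)) + m.group(3),
        rule, count=1)
    return fixed, fixed != rule

def fix_rules(lines):
    """Fix each rule line; return (new_lines, numbers of changed lines)."""
    new_lines, changed = [], []
    for number, line in enumerate(lines, start=1):
        if line.lstrip().startswith("#") or not line.strip():
            new_lines.append(line)      # comments and blanks pass through
            continue
        fixed, was_changed = fix_rule(line)
        new_lines.append(fixed)
        if was_changed:
            changed.append(number)
    return new_lines, changed

# Line 2 is the rule from the post joined onto one line; the rest is constructed.
SAMPLE = [
    '# ddos rules (constructed sample)',
    r'redalert udp $EXTERNAL_NET any -> $HOME_NET 31335 (msg:"DDOS Trin00:DaemontoMaster(messagedetected)"; content:"l44";reference:arachnids,186; classtype:attempted-dos; sid:231; rev:1;)',
    r'alert udp $EXTERNAL_NET any -> $HOME_NET 31335 (msg:"DDOS example\:already escaped"; content:"xyz"; sid:1000001; rev:1;)',
]

if __name__ == "__main__":
    fixed_lines, changed_lines = fix_rules(SAMPLE)
    print("changed lines:", changed_lines)
    print("\n".join(fixed_lines))
```

Running the fixer a second time over its own output changes nothing, so it is safe to apply to a rules file that is already partly escaped.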
