Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Repeating question re: problems with director operators.

From: Brian <bmc () snort org>
Date: Wed, 6 Mar 2002 14:16:06 -0500
According to John Sage:

Adding to that the fact that the content  option doesnt work with <- 
rules, which renders some rules of the distribution worthless (example: 
sid 717), the fact is that the <- operator is seriously broken (well, it 
was never mentioned in the manual to begin with, but snort doesnt croak 
when it see its and it "works" sometimes), and all rules should be 
writen with ->.


Here's the best thought: why can't you re-write your rules so the
directional is uni-directional only, and just go on with your work...

It may be true that what you're trying to do doesn't work; personally,
I'd find a different way to do it.


You are correct.  <- is broken, and has been removed from CURRENT.
All signatures with it need to be updated.  I have updated the
signatures in CURRENT that use this broken feature.  I will be
syncing the rules again this evening after another round of updates.

-brian

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: