Snort mailing list archives
Problem with a rule
From: Tom Fischer <tfischer () abh de>
Date: Wed, 10 Apr 2002 18:35:24 +0200
I've made a rule:alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"Browser compromised .exe start"; flags:A+;content:"<classid=\"clsid:\"";content:".exe";nocase; classtype:browser-compromising;)
and a classificationconfig classification: browser-compromising;suspicous traffic - browser manipulating,1
the classification is ok. But with the rule snort breaks with Segmentation fault. So what is wrong? Tried that on two different machines.
Tom -- Tom Fischer ABH Marketingservice GmbH System Administrator Weisshaustrasse 23a Tel: 0221-94400446 50939 Koeln http://www.abh.de _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problem with a rule Tom Fischer (Apr 10)
- Re: Problem with a rule Andreas Östling (Apr 10)