Re: Problem with web-iis rules

["Yan Zhai" <yzhai () unity ncsu edu>]

I actually had the http decoder on, I deleted it accidentally when posting
the configuration here (while deleting all the comments).

The attacks are real attacks instead of a packet containing those patterns.

I tried different ways to make the 2.0.2 detect the attacks, including
turning on/off stream4 and removing the flow:established in the rule file.
 But when I finally went back to the 1.9.1, which used to detect those
attacks in an experiment several months ago, the snort can detect my
attacks again.  I don't know what caused the problem, but I think I will
use the 1.9.1 in the later experiments for this time.

BTW, is there any option that I can use to make the snort output the
unformatted timestamps(the long int format) instead of the formatted ones?




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
SourceForge.net hosts over 70,000 Open Source Projects.
See the people who have HELPED US provide better services:
Click here: http://sourceforge.net/supporters.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users