Snort mailing list archives

Latest Snort 2.1.x on Solaris 8, Can anyone confirm please?

From: Snortty <cwcwcwg () yahoo com>
Date: Fri, 19 Mar 2004 06:04:20 -0800 (PST)


--- "Daniel J. Roelker" <droelker () sourcefire com>
wrote:

This is a problem with all events that are not rule
related events. 
I'll fix this up before 2.1.1 goes out.  Thanks for
pointing it out.

Dan

On Wed, 2004-01-14 at 17:48, Andreas Ãstling wrote:


On Wed, 14 Jan 2004, Daniel J. Roelker wrote:

Any other suggestions that users want in 2.1.1

for http_inspect or

otherwise, please let us know.


Unfortunately I've not had a chance to play much

with http_inspect yet so

forgive me if I'm lost here, but one thing seems a

bit strange to me.


For clients that send multiple requets in the same

tcp stream, two alerts

will be generated for the same request. First for

the actual packet

containing the bad request and then for the

rebuilt client stream which

obviously contains the same request again among

other stuff.


Is this the expected behaviour?
(I have examples with packet dumps if needed)
   
/Andreas

-- 
Daniel Roelker
Software Developer
Sourcefire, Inc.

-------------------------------------------------------

The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and
Integration
See the breadth of Eclipse activity. February 3-5 in
Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:

https://lists.sourceforge.net/lists/listinfo/snort-users

Snort-users list archive:

http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________
Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam
http://mail.yahoo.com


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Problems with snort-2.1.0 Schmehl, Paul L (Jan 12)
- <Possible follow-ups>
- RE: Problems with snort-2.1.0 Daniel J. Roelker (Jan 14)
  - RE: Problems with snort-2.1.0 Andreas Östling (Jan 14)
    - RE: Problems with snort-2.1.0 Daniel J. Roelker (Jan 15)
    - Latest Snort 2.1.x on Solaris 8, Can anyone confirm please? Snortty (Mar 19)
- RE: Problems with snort-2.1.0 Schmehl, Paul L (Jan 14)
- RE: Problems with snort-2.1.0 DM (Jan 14)