Snort mailing list archives

RE: Problems with snort-2.1.0


From: "Daniel J. Roelker" <droelker () sourcefire com>
Date: 15 Jan 2004 10:45:30 -0500

This is a problem with all events that are not rule related events. 
I'll fix this up before 2.1.1 goes out.  Thanks for pointing it out.

Dan

On Wed, 2004-01-14 at 17:48, Andreas Östling wrote:

On Wed, 14 Jan 2004, Daniel J. Roelker wrote:

Any other suggestions that users want in 2.1.1 for http_inspect or
otherwise, please let us know.

Unfortunately I've not had a chance to play much with http_inspect yet so 
forgive me if I'm lost here, but one thing seems a bit strange to me.

For clients that send multiple requests in the same tcp stream, two alerts 
will be generated for the same request. First for the actual packet 
containing the bad request and then for the rebuilt client stream which 
obviously contains the same request again among other stuff.

Is this the expected behaviour?
(I have examples with packet dumps if needed)
   
/Andreas

-- 
Daniel Roelker
Software Developer
Sourcefire, Inc.


